CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0CVE-2025-68336 – locking/spinlock/debug: Fix data-race in do_raw_write_lock
https://notcve.org/view.php?id=CVE-2025-68336
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: do_raw_write_lock+0x120/0x204 _raw_write_lock_irq do_exit call_usermodehelper_exec_async ret_from_fork read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0: do_raw_write_lock+0x88/0x204 _raw_write_lock_irq do_exit call_usermodehe... • https://git.kernel.org/stable/c/1a365e822372ba24c9da0822bc583894f6f3d821 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68335 – comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
https://notcve.org/view.php?id=CVE-2025-68335
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->read_subdev may not have initialized its pointer to &struct comedi_async as intended. Thus, any such dereferencing of &s->async->cmd will lead to general protection fault and kernel crash. Mitigate this problem by removing a call to pc... • https://git.kernel.org/stable/c/00aba6e7b5653a6607238ecdab7172318059d984 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68334 – platform/x86/amd/pmc: Add support for Van Gogh SoC
https://notcve.org/view.php?id=CVE-2025-68334
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC The ROG Xbox Ally (non-X) SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 (s2idle causes a crash), this support was dropped by the Xbox Ally which only S0ix suspend. Since the handler is missing here, this causes the device to not suspend and the AMD GPU driver to crash while trying to resume afterwards due to a power hang. • https://git.kernel.org/stable/c/83cbaf14275a30f14cf558b09389a1664b173858 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68332 – comedi: c6xdigio: Fix invalid PNP driver unregistration
https://notcve.org/view.php?id=CVE-2025-68332
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler `c6xdigio_attach()` to configure a Comedi to use this driver, it tries to enable the parallel port PNP resources by registering a PNP driver with `pnp_register_driver()`, but ignores the return value. (The `struct pnp_driver` it uses h... • https://git.kernel.org/stable/c/2c89e159cd2f386285e9522d6476dd7e801bee22 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68331 – usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer
https://notcve.org/view.php?id=CVE-2025-68331
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to an invalid memory address during URB callback handling. Specifically, this happens when the dma_direct_unmap_sg() function is called within the usb_hcd_unmap_urb_for_dma() interface, but the sg->dma_address field is... • https://git.kernel.org/stable/c/eb2a86ae8c544be0ab04aa8169390c0669bc7148 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68330 – iio: accel: bmc150: Fix irq assumption regression
https://notcve.org/view.php?id=CVE-2025-68330
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts: Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read PC is at bmc150_accel_set_interrupt+0x98/0x194 LR is at __pm_runtime_resume+0x5c/0x64 (...) ... • https://git.kernel.org/stable/c/c16bff4844ffa678ba0c9d077e9797506924ccdd •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68328 – firmware: stratix10-svc: fix bug in saving controller data
https://notcve.org/view.php?id=CVE-2025-68328
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to fail and throw a kernel panic for kthread_stop and fifo free. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/b5dc75c915cdaebab9b9875022e45638d6b14a7e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68327 – usb: renesas_usbhs: Fix synchronous external abort on unbind
https://notcve.org/view.php?id=CVE-2025-68327
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f_ecm modprobe libcomposite modprobe configfs cd /sys/kernel/config/usb_gadget mkdir -p g1 cd g1 echo "0x1d6b" > idVendor echo "0x0104" > idProduct mkdir -p strings/0x409 echo "0123456789" > strings/0x409/serialnumber echo "Renesas." > ... • https://git.kernel.org/stable/c/f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-68325 – net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
https://notcve.org/view.php?id=CVE-2025-68325
18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that the parent qdisc will enqueue the current packet. However, this assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent qdisc stops enqueuing current packet, leaving the tree qlen/backlog accounting inconsistent. This m... • https://git.kernel.org/stable/c/de04ddd2980b48caa8d7e24a7db2742917a8b280 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68324 – scsi: imm: Fix use-after-free bug caused by unfinished delayed work
https://notcve.org/view.php?id=CVE-2025-68324
18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM parallel port SCSI host adapter is detached through imm_detach(), the imm_struct device instance is deallocated. However, the delayed work might still be pending or executing when imm_detach() is called, leading to use-after-free bugs... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •