CVSS: -EPSS: 0%CPEs: 12EXPL: 0CVE-2025-68773 – spi: fsl-cpm: Check length parity before switching to 16 bit mode
https://notcve.org/view.php?id=CVE-2025-68773
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM. But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced a... • https://git.kernel.org/stable/c/7f6738e003b364783f3019fdf6e7645bc8dd1643 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68772 – f2fs: fix to avoid updating compression context during writeback
https://notcve.org/view.php?id=CVE-2025-68772
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68771 – ocfs2: fix kernel BUG in ocfs2_find_victim_chain
https://notcve.org/view.php?id=CVE-2025-68771
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is 0, triggring the BUG_ON(!cl->cl_next_free_rec) condition in ocfs2_find_victim_chain() and panicking the kernel. To fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(), just before calling ocfs2_find_victim_chain(),... • https://git.kernel.org/stable/c/ccd979bdbce9fba8412beb3f1de68a9d0171b12c •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68769 – f2fs: fix return value of f2fs_recover_fsync_data()
https://notcve.org/view.php?id=CVE-2025-68769
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data() With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 >> /mnt/f2fs/foo f2fs_io fsync /mnt/f2fs/foo f2fs_io shutdown 2 /mnt/f2fs umount /mnt/f2fs mount -o ro,norecovery /dev/vdd /mnt/f2fs or mount -o ro,disable_roll_forward /dev/vdd /mnt/f2fs F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only:... • https://git.kernel.org/stable/c/6781eabba1bdb133eb9125c4acf6704ccbe4df02 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68768 – inet: frags: flush pending skbs in fqdir_pre_exit()
https://notcve.org/view.php?id=CVE-2025-68768
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional deadlocks on pernet_ops_rwsem since September in NIPA. The stuck task was usually modprobe (often loading a driver like ipvlan), trying to take the lock as a Writer. lockdep does not track readers for rwsems so the read wasn't obvious from the reports. On closer inspection the Reader holding the lock was conntrack looping forever in nf_conntrack_cleanup_net_l... • https://git.kernel.org/stable/c/d5dd88794a13c2f24cce31abad7a0a6c5e0ed2db •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68767 – hfsplus: Verify inode mode when loading from disk
https://notcve.org/view.php?id=CVE-2025-68767
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions field was treated as reserved in Mac OS 8 and 9. According to [2], the reserved field was explicitly initialized with 0, and that field must remain 0 as long as reserved. Therefore, when the "mode" field is no... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68765 – mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
https://notcve.org/view.php?id=CVE-2025-68765
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing sskb, leading to a memory leak. Fix this by calling dev_kfree_skb() on sskb in the error handling path to ensure it is properly released. In the Linux kernel, the following vulnerability has been resolved: mt76: mt761... • https://git.kernel.org/stable/c/99c457d902cf90bdc0df5d57e6156ec108711068 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68764 – NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
https://notcve.org/view.php?id=CVE-2025-68764
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag. In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the... • https://git.kernel.org/stable/c/f2aedb713c284429987dc66c7aaf38decfc8da2a •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68759 – wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
https://notcve.org/view.php?id=CVE-2025-68759
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed on exit. Fix that by jumping to err_free_rings label on error, which calls rtl8180_free_rx_ring() to free the allocations. Remove the free of rx_ring in rtl8180_init_rx_ring() error path, and set the free... • https://git.kernel.org/stable/c/f653211197f3841f383fa9757ef8ce182c6cf627 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68758 – backlight: led-bl: Add devlink to supplier LEDs
https://notcve.org/view.php?id=CVE-2025-68758
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device. One consequence is that removal order is not correctly enforced. Issues happen for example with the following sections in a device tree ... • https://git.kernel.org/stable/c/ae232e45acf9621f2c96b41ca3af006ac7552c33 •