CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68204 – pmdomain: arm: scmi: Fix genpd leak on provider registration failure
https://notcve.org/view.php?id=CVE-2025-68204
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fix genpd leak on provider registration failure If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak and potential kernel crash later in genpd_debug_add(). Add proper error handling to unwind the initialized domains before returning from probe to ensure all resources are correctly released on failure. Example crash trace observed wi... • https://git.kernel.org/stable/c/898216c97ed2ebfffda659ce12388da43534de6c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68194 – media: imon: make send_packet() more robust
https://notcve.org/view.php?id=CVE-2025-68194
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0() once got -EPROTO error after ictx->dev_present_intf0 became true, usb_rx_callback_intf0() resubmits urb after printk(), and resubmitted urb causes usb_rx_callback_intf0() to again get -EPROTO error. This results in printk() flooding ... • https://git.kernel.org/stable/c/21677cfc562a27e099719d413287bc8d1d24deb7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68192 – net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
https://notcve.org/view.php?id=CVE-2025-68192
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems access the offset due to strict alignment checks. Initialize the MAC header to prevent such crashes. This can trigger kernel panics on ARM when running IPsec over the qmimux0 interface. Example trace: Internal error: Oops: 000000009... • https://git.kernel.org/stable/c/c6adf77953bcec0ad63d7782479452464e50f7a3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68190 – drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
https://notcve.org/view.php?id=CVE-2025-68190
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a potential NULL pointer dereference in atom_get_src_int() when accessing WS entries. Return -ENOMEM on allocation failure to avoid the NULL dereference. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom:... • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68188 – tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
https://notcve.org/view.php?id=CVE-2025-68188
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags. In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags. Several security issues were discovered in the Linux kernel. An attacker... • https://git.kernel.org/stable/c/cf1ef3f0719b4dcb74810ed507e2a2540f9811b4 •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68185 – nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
https://notcve.org/view.php?id=CVE-2025-68185
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy to attack. Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that. In the Linux kernel, the following vulnerab... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68177 – cpufreq/longhaul: handle NULL policy in longhaul_exit
https://notcve.org/view.php?id=CVE-2025-68177
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handle NULL policy in longhaul_exit longhaul_exit() was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic. This patch adds a check using unlikely() and returns early if the policy is NULL. Bugzilla: #219962 In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handle NULL policy in longh... • https://git.kernel.org/stable/c/b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68173 – ftrace: Fix softlockup in ftrace_module_enable
https://notcve.org/view.php?id=CVE-2025-68173
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftrace_module_enable A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsyms_lookup can spend too much time in RCU critical section and with disabled preemption, causing kernel panic. This is the same issue that was fixed in commit d0b24b4e91fc ("ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY kernels") and commit 42ea22e754ba ("ftrace: Add cond_... • https://git.kernel.org/stable/c/b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2025-68168 – jfs: fix uninitialized waitqueue in transaction manager
https://notcve.org/view.php?id=CVE-2025-68168
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on read-only filesystems. When a filesystem is mounted read-only, txBegin() returns tid=0 to indicate no transaction. However, txEnd(0) still gets called and tries to access TxBlock[0].waitor via tid_to_tblock(0), but this waitqueue was n... • https://git.kernel.org/stable/c/2a8807f9f511c64de0c7cc9900a1683e3d72a3e5 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40363 – net: ipv6: fix field-spanning memcpy warning in AH output
https://notcve.org/view.php?id=CVE-2025-40363
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6_output() and ah6_output_done() where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about writes beyond the 16-byte address fields. memcpy: detected field-spanning write (size 40) of single field "&top_iph->saddr" at net/ipv6/ah6.c:439 (size 16) WARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •