CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68797 – char: applicom: fix NULL pointer dereference in ac_ioctl
https://notcve.org/view.php?id=CVE-2025-68797
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in ac_ioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are skipped when cmd is 6. However, the function unconditionally executes readb(apbs[IndexCard].RamIO + VERS) at the end. If cmd is 6, IndexCard may reference a board that does not exist (where RamIO is NULL), leading to a NULL pointer derefe... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68795 – ethtool: Avoid overflowing userspace buffer on stats query
https://notcve.org/view.php?id=CVE-2025-68795
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the values. If the number of stats changes between these calls (e.g., due to device reconfiguration), userspace's buffer allocation will be incorrect, potentially leading to buffer overflow. Drivers are generally expected to maintain stabl... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68788 – fsnotify: do not generate ACCESS/MODIFY events on child for special files
https://notcve.org/view.php?id=CVE-2025-68788
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscribe for watching events on children when the user has access to the parent directory (e.g. /dev). Users with no read access to a file but with read access to its parent directory can still stat the file and see i... • https://git.kernel.org/stable/c/72acc854427948efed7a83da27f7dc3239ac9afc •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68787 – netrom: Fix memory leak in nr_sendmsg()
https://notcve.org/view.php?id=CVE-2025-68787
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_sendmsg() syzbot reported a memory leak [1]. When function sock_alloc_send_skb() return NULL in nr_output(), the original skb is not freed, which was allocated in nr_sendmsg(). Fix this by freeing it before return. [1] BUG: memory leak unreferenced object 0xffff888129f35500 (size 240): comm "syz.0.17", pid 6119, jiffies 4294944652 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68781 – usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
https://notcve.org/view.php?id=CVE-2025-68781
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otg_event is initialized in fsl_otg_conf() and scheduled under two conditions: 1. When a host controller binds to the OTG controller. 2. When the USB ID pin state changes (cable insertion/removal). A race condition occurs when the device is removed via fsl_otg_remove(): the fsl_otg instance may be freed while the delayed work is still pending o... • https://git.kernel.org/stable/c/0807c500a1a6d7fa20cbd7bbe7fea14a66112463 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68780 – sched/deadline: only set free_cpus for online runqueues
https://notcve.org/view.php?id=CVE-2025-68780
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set free_cpus for online runqueues Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus to reflect rd->online") introduced the cpudl_set/clear_freecpu functions to allow the cpu_dl::free_cpus mask to be manipulated by the deadline scheduler class rq_on/offline callbacks so the mask would also reflect this state. Commit 9659e1eeee28 ("sched/deadline: Remove cpu_active_mask from cpudl_find()") removed the check o... • https://git.kernel.org/stable/c/9659e1eeee28f7025b6545934d644d19e9c6e603 •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68777 – Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
https://notcve.org/view.php?id=CVE-2025-68777
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: Input: ti_am335x_tsc - fix off-by-one error in wire_order validation The current validation 'wire_order[i] > ARRAY_SIZE(config_pins)' allows wire_order[i] to equal ARRAY_SIZE(config_pins), which causes out-of-bounds access when used as index in 'config_pins[wire_order[i]]'. Since config_pins has 4 elements (indices 0-3), the valid range for wire_order should be 0-3. Fix the off-by-one error by using >= instead of > in the validation check. ... • https://git.kernel.org/stable/c/bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68776 – net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
https://notcve.org/view.php?id=CVE-2025-68776
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() prp_get_untagged_frame() calls __pskb_copy() to create frame->skb_std but doesn't check if the allocation failed. If __pskb_copy() returns NULL, skb_clone() is called with a NULL pointer, causing a crash: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000078-0x0000000... • https://git.kernel.org/stable/c/f266a683a4804dc499efc6c2206ef68efed029d0 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68774 – hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
https://notcve.org/view.php?id=CVE-2025-68774
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create When sync() and link() are called concurrently, both threads may enter hfs_bnode_find() without finding the node in the hash table and proceed to create it. Thread A: hfsplus_write_inode() -> hfsplus_write_system_inode() -> hfs_btree_write() -> hfs_bnode_find(tree, 0) -> __hfs_bnode_create(tree, 0) Thread B: hfsplus_create_cat() -> hfs_brec_insert() -> hfs_bnode_split() -> hfs_bmap_... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68771 – ocfs2: fix kernel BUG in ocfs2_find_victim_chain
https://notcve.org/view.php?id=CVE-2025-68771
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is 0, triggring the BUG_ON(!cl->cl_next_free_rec) condition in ocfs2_find_victim_chain() and panicking the kernel. To fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(), just before calling ocfs2_find_victim_chain(),... • https://git.kernel.org/stable/c/ccd979bdbce9fba8412beb3f1de68a9d0171b12c •