CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68369 – ntfs3: init run lock for extend inode
https://notcve.org/view.php?id=CVE-2025-68369
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate() routine, causing the run_lock uninitialized error reported by syzbot. Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to a regular file, the do_truncate() routine would not be entered. Add the run_lock initialization when loading $Extend. syzbot reported: INFO:... • https://git.kernel.org/stable/c/63eb6730ce0604d3eacf036c2f68ea70b068317c •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68367 – macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
https://notcve.org/view.php?id=CVE-2025-68367
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ list_add double add: new=ffffffffa57eee28, prev=ffffffffa57eee28, next=ffffffffa5e63100. WARNING: CPU: 0 PID: 1491 at lib/list_debug.c:35 __list_add_valid_or_report+0xf7/0x130 Modules linked in: CPU: 0 PID: 1491 Comm: syz.1.28 Not tainted ... • https://git.kernel.org/stable/c/99b089c3c38a83ebaeb1cc4584ddcde841626467 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68366 – nbd: defer config unlock in nbd_genl_connect
https://notcve.org/view.php?id=CVE-2025-68366
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_device // config_refs=2 set NBD_RT_HAS_CONFIG_REF open nbd // config_refs=3 recv_work done // config_refs=2 NBD_CLEAR_SOCK // config_refs=1 close nbd // config_refs=0 refcount_inc -> uaf ------------[ cut here ]------------ refcount_t: addition... • https://git.kernel.org/stable/c/e46c7287b1c27683a8e30ca825fb98e2b97f1099 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68365 – fs/ntfs3: Initialize allocated memory before use
https://notcve.org/view.php?id=CVE-2025-68365
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value in bcmp (3) Memory is allocated by __getname(), which is a wrapper for kmem_cache_alloc(). This memory is used before being properly cleared. Change kmem_cache_alloc() to kmem_cache_zalloc() to properly allocate and clear memory before use. In the Linux kernel, the following... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68364 – ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
https://notcve.org/view.php?id=CVE-2025-68364
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() In '__ocfs2_move_extent()', relax 'BUG()' to 'ocfs2_error()' just to avoid crashing the whole kernel due to a filesystem corruption. In the Linux kernel, the following vulnerability has been resolved: ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() In '__ocfs2_move_extent()', relax 'BUG()' to 'ocfs2_error()' just to avoid crashing the whole kernel due to a filesystem ... • https://git.kernel.org/stable/c/8f603e567aa7a243e68ca48b4f105b990851360f •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68363 – bpf: Check skb->transport_header is set in bpf_skb_check_mtu
https://notcve.org/view.php?id=CVE-2025-68363
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0, BPF_MTU_CHK_SEGS) The transport_header is not always set. There is a WARN_ON_ONCE report when CONFIG_DEBUG_NET is enabled + skb->gso_size is set + bpf_prog_test_run is used: WARNING: CPU: 1 PID: 2216 at ./include/linux/skbuff.h:3071 s... • https://git.kernel.org/stable/c/34b2021cc61642d61c3cf943d9e71925b827941b •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68362 – wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
https://notcve.org/view.php?id=CVE-2025-68362
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header. If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, ... • https://git.kernel.org/stable/c/6f7853f3cbe457067e9fe05461f56c7ea4ac488c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68360 – wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks
https://notcve.org/view.php?id=CVE-2025-68360
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks MT7996 driver can use both wed and wed_hif2 devices to offload traffic from/to the wireless NIC. In the current codebase we assume to always use the primary wed device in wed callbacks resulting in the following crash if the hw runs wed_hif2 (e.g. 6GHz link). [ 297.455876] Unable to handle kernel read from unreadable memory at virtual address 000000000000080a [ 297.4649... • https://git.kernel.org/stable/c/83eafc9251d6d30574b629ac637c56d168fcbdd9 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68358 – btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
https://notcve.org/view.php?id=CVE-2025-68358
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfs_clear_space_info_full() From the memory-barriers.txt document regarding memory barrier ordering guarantees: (*) These guarantees do not apply to bitfields, because compilers often generate code to modify these using non-atomic read-modify-write sequences. Do not attempt to use bitfields to synchronize parallel algorithms. (*) Even in cases where bitfields are protected by locks, all fields in a given ... • https://git.kernel.org/stable/c/957780eb2788d8c218d539e19a85653f51a96dc1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68357 – iomap: allocate s_dio_done_wq for async reads as well
https://notcve.org/view.php?id=CVE-2025-68357
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_done_wq. This means the workqueue also needs to be allocated for async reads. In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completion... • https://git.kernel.org/stable/c/3b5f35085f8159894a0963e2c877527a885201ac •