linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68812 | — | >= 6.15.0, < 6.18.3 | 6.18.3 | Jan 13, 2026 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||
| CVE-2025-68811 | — | >= 6.8.0, < 6.12.64 | 6.12.64 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current p | ||
| CVE-2025-68810 | — | >= 6.8.0, < 6.12.64 | 6.12.64 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggli | ||
| CVE-2025-68809 | — | >= 5.15.0, < 6.6.120 | 6.6.120 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: vfs: fix race on m_flags in vfs_cache ksmbd maintains delete-on-close and pending-delete state in ksmbd_inode->m_flags. In vfs_cache.c this field is accessed under inconsistent locking: some paths read a | ||
| CVE-2025-68808 | — | >= 5.10.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/ | ||
| CVE-2025-68807 | — | >= 6.16.0, < 6.18.3 | 6.18.3 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_default() is moved out of queue freezing in elevator_change(), it can cause the wbt inflight counter to become negative (-1), leading | ||
| CVE-2025-68806 | — | < 6.1.160 | 6.1.160 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the | ||
| CVE-2025-68805 | — | >= 6.14.0, < 6.18.3 | 6.18.3 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list | ||
| CVE-2025-68804 | — | >= 5.3.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn | ||
| CVE-2025-68803 | — | < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL (based on the mo | ||
| CVE-2025-68802 | — | >= 6.8.0, < 6.12.64 | 6.12.64 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessiv | ||
| CVE-2025-68801 | — | >= 4.8.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix neighbour use-after-free We sometimes observe use-after-free when dereferencing a neighbour [1]. The problem seems to be that the driver stores a pointer to the neighbour, but withou | ||
| CVE-2025-68800 | — | >= 5.7.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver | ||
| CVE-2025-68799 | — | >= 2.6.35, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: caif: fix integer underflow in cffrml_receive() The cffrml_receive() function extracts a length field from the packet header and, when FCS is disabled, subtracts 2 from this length without validating that len > | ||
| CVE-2025-68798 | — | >= 5.19.0, < 6.1.160 | 6.1.160 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all( | ||
| CVE-2025-68797 | — | >= 2.6.12, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in ac_ioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are ski | ||
| CVE-2025-68796 | — | >= 4.7.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs (loop0): __update_extent_tree_range: extent len is zero, type: 0, extent [0, 0, 0], age [0, 0] ------------[ cut here ] | ||
| CVE-2025-68795 | — | >= 2.6.12, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the v | ||
| CVE-2025-68794 | — | >= 4.19.0, < 6.6.120 | 6.6.120 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in th | ||
| CVE-2025-68793 | — | >= 6.17.0, < 6.18.3 | 6.18.3 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job->pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue. The gpu recovery function calls drm_sched_ |
- CVE-2025-68812Jan 13, 2026affected >= 6.15.0, < 6.18.3fixed 6.18.3
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
- CVE-2025-68811Jan 13, 2026affected >= 6.8.0, < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current p
- CVE-2025-68810Jan 13, 2026affected >= 6.8.0, < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggli
- CVE-2025-68809Jan 13, 2026affected >= 5.15.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: ksmbd: vfs: fix race on m_flags in vfs_cache ksmbd maintains delete-on-close and pending-delete state in ksmbd_inode->m_flags. In vfs_cache.c this field is accessed under inconsistent locking: some paths read a
- CVE-2025-68808Jan 13, 2026affected >= 5.10.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/
- CVE-2025-68807Jan 13, 2026affected >= 6.16.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_default() is moved out of queue freezing in elevator_change(), it can cause the wbt inflight counter to become negative (-1), leading
- CVE-2025-68806Jan 13, 2026affected < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the
- CVE-2025-68805Jan 13, 2026affected >= 6.14.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list
- CVE-2025-68804Jan 13, 2026affected >= 5.3.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn
- CVE-2025-68803Jan 13, 2026affected < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL (based on the mo
- CVE-2025-68802Jan 13, 2026affected >= 6.8.0, < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessiv
- CVE-2025-68801Jan 13, 2026affected >= 4.8.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix neighbour use-after-free We sometimes observe use-after-free when dereferencing a neighbour [1]. The problem seems to be that the driver stores a pointer to the neighbour, but withou
- CVE-2025-68800Jan 13, 2026affected >= 5.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver
- CVE-2025-68799Jan 13, 2026affected >= 2.6.35, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: caif: fix integer underflow in cffrml_receive() The cffrml_receive() function extracts a length field from the packet header and, when FCS is disabled, subtracts 2 from this length without validating that len >
- CVE-2025-68798Jan 13, 2026affected >= 5.19.0, < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all(
- CVE-2025-68797Jan 13, 2026affected >= 2.6.12, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in ac_ioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are ski
- CVE-2025-68796Jan 13, 2026affected >= 4.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs (loop0): __update_extent_tree_range: extent len is zero, type: 0, extent [0, 0, 0], age [0, 0] ------------[ cut here ]
- CVE-2025-68795Jan 13, 2026affected >= 2.6.12, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the v
- CVE-2025-68794Jan 13, 2026affected >= 4.19.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in th
- CVE-2025-68793Jan 13, 2026affected >= 6.17.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job->pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue. The gpu recovery function calls drm_sched_
Page 17 of 88