linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68210 | — | >= 6.10.0, < 6.12.59 | 6.12.59 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loop due to incomplete zstd-compressed data Currently, the decompression logic incorrectly spins if compressed data is truncated in crafted (deliberately corrupted) images. | ||
| CVE-2025-68209 | — | >= 6.0.0, < 6.17.9 | 6.17.9 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: mlx5: Fix default values in create CQ Currently, CQs without a completion function are assigned the mlx5_add_cq_to_tasklet function by default. This is problematic since only user CQs created through the mlx5_i | ||
| CVE-2025-68208 | — | < 6.6.117 | 6.6.117 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: account for current allocated stack depth in widen_imprecise_scalars() The usage pattern for widen_imprecise_scalars() looks as follows: prev_st = find_prev_entry(env, ...); queued_st = push_stack | ||
| CVE-2025-68207 | — | < 6.12.59 | 6.12.59 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind ope | ||
| CVE-2025-68206 | — | >= 4.12.0, < 6.1.167 | 6.1.167 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload (IP, port) on the ftp control conn | ||
| CVE-2025-68205 | — | >= 6.17.0, < 6.17.9 | 6.17.9 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver After restructuring and splitting the HDMI codec driver code, each HDMI codec driver contains the own build_controls and build_pcms ops. A copy-n-paste | ||
| CVE-2025-68204 | — | >= 4.17.0, < 5.4.302 | 5.4.302 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fix genpd leak on provider registration failure If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak | ||
| CVE-2025-68202 | — | >= 6.12.0, < 6.12.59 | 6.12.59 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix unsafe locking in the scx_dump_state() For built with CONFIG_PREEMPT_RT=y kernels, the dump_lock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur: incon | ||
| CVE-2025-68201 | — | >= 5.19.0, < 6.12.59 | 6.12.59 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace. | ||
| CVE-2025-68200 | — | < 5.15.197 | 5.15.197 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbu | ||
| CVE-2025-68199 | — | >= 6.10.0, < 6.12.59 | 6.12.59 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext When alloc_slab_obj_exts() fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts | ||
| CVE-2025-68198 | — | >= 6.5.0, < 6.6.118 | 6.6.118 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objec | ||
| CVE-2025-68197 | — | >= 6.13.0, < 6.17.8 | 6.17.8 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. This will resu | ||
| CVE-2025-68196 | — | >= 6.17.0, < 6.17.8 | 6.17.8 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting link when performing LT automation [WHY] Last LT automation update can cause crash by referencing current_state and calling into dc_update_planes_and_stream which may cl | ||
| CVE-2025-68194 | — | >= 2.6.35, < 5.4.302 | 5.4.302 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0( | ||
| CVE-2025-68193 | — | >= 6.10.0, < 6.17.8 | 6.17.8 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Add devm release action to safely tear down CT When a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALIDATE flag, the driver initiates TLB invalidation requests via the CTB mechanism w | ||
| CVE-2025-68192 | — | >= 4.12.0, < 5.4.302 | 5.4.302 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystem | ||
| CVE-2025-68191 | — | >= 5.9.0, < 5.10.247 | 5.10.247 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: use netdev_warn() instead of netdev_WARN() netdev_WARN() uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register() returning an error is ju | ||
| CVE-2025-68190 | — | >= 4.2.0, < 6.12.58 | 6.12.58 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a po | ||
| CVE-2025-68189 | — | >= 6.17.0, < 6.17.8 | 6.17.8 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj->resv != &obj->_resv. So we should check both this condition in addition to flags for handling the _NO_SHARE case. Fixes this splat |
- CVE-2025-68210Dec 16, 2025affected >= 6.10.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loop due to incomplete zstd-compressed data Currently, the decompression logic incorrectly spins if compressed data is truncated in crafted (deliberately corrupted) images.
- CVE-2025-68209Dec 16, 2025affected >= 6.0.0, < 6.17.9fixed 6.17.9
In the Linux kernel, the following vulnerability has been resolved: mlx5: Fix default values in create CQ Currently, CQs without a completion function are assigned the mlx5_add_cq_to_tasklet function by default. This is problematic since only user CQs created through the mlx5_i
- CVE-2025-68208Dec 16, 2025affected < 6.6.117fixed 6.6.117
In the Linux kernel, the following vulnerability has been resolved: bpf: account for current allocated stack depth in widen_imprecise_scalars() The usage pattern for widen_imprecise_scalars() looks as follows: prev_st = find_prev_entry(env, ...); queued_st = push_stack
- CVE-2025-68207Dec 16, 2025affected < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind ope
- CVE-2025-68206Dec 16, 2025affected >= 4.12.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload (IP, port) on the ftp control conn
- CVE-2025-68205Dec 16, 2025affected >= 6.17.0, < 6.17.9fixed 6.17.9
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver After restructuring and splitting the HDMI codec driver code, each HDMI codec driver contains the own build_controls and build_pcms ops. A copy-n-paste
- CVE-2025-68204Dec 16, 2025affected >= 4.17.0, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fix genpd leak on provider registration failure If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak
- CVE-2025-68202Dec 16, 2025affected >= 6.12.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix unsafe locking in the scx_dump_state() For built with CONFIG_PREEMPT_RT=y kernels, the dump_lock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur: incon
- CVE-2025-68201Dec 16, 2025affected >= 5.19.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace.
- CVE-2025-68200Dec 16, 2025affected < 5.15.197fixed 5.15.197
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbu
- CVE-2025-68199Dec 16, 2025affected >= 6.10.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext When alloc_slab_obj_exts() fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts
- CVE-2025-68198Dec 16, 2025affected >= 6.5.0, < 6.6.118fixed 6.6.118
In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objec
- CVE-2025-68197Dec 16, 2025affected >= 6.13.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. This will resu
- CVE-2025-68196Dec 16, 2025affected >= 6.17.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting link when performing LT automation [WHY] Last LT automation update can cause crash by referencing current_state and calling into dc_update_planes_and_stream which may cl
- CVE-2025-68194Dec 16, 2025affected >= 2.6.35, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0(
- CVE-2025-68193Dec 16, 2025affected >= 6.10.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Add devm release action to safely tear down CT When a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALIDATE flag, the driver initiates TLB invalidation requests via the CTB mechanism w
- CVE-2025-68192Dec 16, 2025affected >= 4.12.0, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystem
- CVE-2025-68191Dec 16, 2025affected >= 5.9.0, < 5.10.247fixed 5.10.247
In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: use netdev_warn() instead of netdev_WARN() netdev_WARN() uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register() returning an error is ju
- CVE-2025-68190Dec 16, 2025affected >= 4.2.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a po
- CVE-2025-68189Dec 16, 2025affected >= 6.17.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj->resv != &obj->_resv. So we should check both this condition in addition to flags for handling the _NO_SHARE case. Fixes this splat
Page 55 of 88