9.8
CVE-2025-68263 - ksmbd: ipc: fix use-after-free in ipc_msg_send_request
In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (handle_generic_event()/handle_response()) filβ¦
5.5
CVE-2025-68259 - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the code stream is changeβ¦
0.0
CVE-2025-68257 - comedi: check device's attached status in compat ioctls
In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as said callback must aβ¦
0.0
CVE-2025-68256 - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-byte header) fits inβ¦
0.0
CVE-2025-68255 - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length when copying into a fixed-size 16-byte stackβ¦
7.0
CVE-2025-68293 - mm/huge_memory: fix NULL pointer deference when splitting folio
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix NULL pointer deference when splitting folio Commit c010d47f107f ("mm: thp: split huge page to any lower order pages") introduced an early check on the folio's order via mapping->flags before proceeding with thβ¦
7.0
CVE-2025-68283 - libceph: replace BUG_ON with bounds check for map->max_osd
In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd. [ idryomov: drop BUG_ON in ceph_get_primary_affinity()β¦
7.0
CVE-2025-68208 - bpf: account for current allocated stack depth in widen_imprecise_scalars()
In the Linux kernel, the following vulnerability has been resolved: bpf: account for current allocated stack depth in widen_imprecise_scalars() The usage pattern for widen_imprecise_scalars() looks as follows: prev_st = find_prev_entry(env, ...); queued_st = push_stack(...); widen_imβ¦
5.5
CVE-2025-68224 - kernel: scsi: core: Fix a regression triggered by scsi_host_busy()
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
0.0
CVE-2025-68203 - kernel: drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.