5.5
CVE-2025-68321 - page_pool: always add GFP_NOWARN for ATOMIC allocations
In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty much expect network β¦
0.0
CVE-2025-68217 - Input: pegasus-notetaker - fix potential out-of-bounds access
In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attackeβ¦
5.5
CVE-2025-68200 - bpf: Add bpf_prog_run_data_pointers()
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 __sk_skb_β¦
7.0
CVE-2025-68185 - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won'tβ¦
5.5
CVE-2025-68176 - PCI: cadence: Check for the existence of cdns_pcie::ops before using it
In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doesn't set the ops. β¦
7.0
CVE-2025-68304 - Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: lookup hci_conn on RX path on protocol side The hdev lock/lookup/unlock/use pattern in the packet RX path doesn't ensure hci_conn* is not concurrently modified/deleted. This locking appears to be leftover froβ¦
7.0
CVE-2025-68292 - mm/memfd: fix information leak in hugetlb folios
In the Linux kernel, the following vulnerability has been resolved: mm/memfd: fix information leak in hugetlb folios When allocating hugetlb folios for memfd, three initialization steps are missing: 1. Folios are not zeroed, leading to kernel memory disclosure to userspace 2. Folios are not markβ¦
5.5
CVE-2025-68281 - ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdca_control" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdca_parse_function API. This patcβ¦
7.0
CVE-2025-68239 - binfmt_misc: restore write access before closing files opened by open_exec()
In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on the file to avoid modβ¦
5.5
CVE-2025-68296 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB access in fbcon_remap_all(). Without holding the console lock the call races with switching outpβ¦