Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0057
Vulnerability from certfr_avis - Published: 2026-01-16 - Updated: 2026-01-16
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.159-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40273"
},
{
"name": "CVE-2025-68286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68286"
},
{
"name": "CVE-2025-40314",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40314"
},
{
"name": "CVE-2025-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40306"
},
{
"name": "CVE-2025-40254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
},
{
"name": "CVE-2025-68200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68200"
},
{
"name": "CVE-2025-68176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68176"
},
{
"name": "CVE-2025-68204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68204"
},
{
"name": "CVE-2025-68283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68283"
},
{
"name": "CVE-2025-68246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68246"
},
{
"name": "CVE-2025-68339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68339"
},
{
"name": "CVE-2025-68295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68295"
},
{
"name": "CVE-2025-40285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40285"
},
{
"name": "CVE-2025-68287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68287"
},
{
"name": "CVE-2025-40294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40294"
},
{
"name": "CVE-2025-40312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40312"
},
{
"name": "CVE-2025-68220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68220"
},
{
"name": "CVE-2025-68302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68302"
},
{
"name": "CVE-2025-68238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68238"
},
{
"name": "CVE-2025-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40309"
},
{
"name": "CVE-2025-40343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40343"
},
{
"name": "CVE-2025-68173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68173"
},
{
"name": "CVE-2025-68307",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68307"
},
{
"name": "CVE-2025-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40308"
},
{
"name": "CVE-2025-40315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40315"
},
{
"name": "CVE-2025-68231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68231"
},
{
"name": "CVE-2025-68310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68310"
},
{
"name": "CVE-2025-68229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68229"
},
{
"name": "CVE-2025-68321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68321"
},
{
"name": "CVE-2025-40360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40360"
},
{
"name": "CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"name": "CVE-2025-40313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40313"
},
{
"name": "CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"name": "CVE-2025-68308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68308"
},
{
"name": "CVE-2025-40252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
},
{
"name": "CVE-2025-68218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68218"
},
{
"name": "CVE-2025-40277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40277"
},
{
"name": "CVE-2025-40272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40272"
},
{
"name": "CVE-2025-40345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40345"
},
{
"name": "CVE-2025-38057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38057"
},
{
"name": "CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"name": "CVE-2025-68330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68330"
},
{
"name": "CVE-2025-68343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68343"
},
{
"name": "CVE-2025-37899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37899"
},
{
"name": "CVE-2025-40292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40292"
},
{
"name": "CVE-2025-68237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68237"
},
{
"name": "CVE-2025-40257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
},
{
"name": "CVE-2025-68312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68312"
},
{
"name": "CVE-2025-68284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68284"
},
{
"name": "CVE-2025-68194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68194"
},
{
"name": "CVE-2025-39805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39805"
},
{
"name": "CVE-2025-40263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
},
{
"name": "CVE-2025-68244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68244"
},
{
"name": "CVE-2024-47666",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47666"
},
{
"name": "CVE-2025-40278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40278"
},
{
"name": "CVE-2025-40342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40342"
},
{
"name": "CVE-2025-40279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40279"
},
{
"name": "CVE-2025-68328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68328"
},
{
"name": "CVE-2025-40341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40341"
},
{
"name": "CVE-2025-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38593"
},
{
"name": "CVE-2025-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40283"
},
{
"name": "CVE-2025-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40324"
},
{
"name": "CVE-2025-40264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
},
{
"name": "CVE-2025-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40321"
},
{
"name": "CVE-2025-40282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40282"
},
{
"name": "CVE-2025-68192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68192"
},
{
"name": "CVE-2025-40214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40214"
},
{
"name": "CVE-2025-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
},
{
"name": "CVE-2025-68171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68171"
},
{
"name": "CVE-2025-38678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38678"
},
{
"name": "CVE-2025-40301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40301"
},
{
"name": "CVE-2025-40286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40286"
},
{
"name": "CVE-2025-68327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68327"
},
{
"name": "CVE-2025-40318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40318"
},
{
"name": "CVE-2025-68241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68241"
},
{
"name": "CVE-2025-68734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68734"
},
{
"name": "CVE-2025-68288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68288"
},
{
"name": "CVE-2025-40083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40083"
},
{
"name": "CVE-2025-40331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40331"
},
{
"name": "CVE-2025-68290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68290"
},
{
"name": "CVE-2025-40280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40280"
},
{
"name": "CVE-2025-40293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40293"
},
{
"name": "CVE-2025-68331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68331"
},
{
"name": "CVE-2025-68214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68214"
},
{
"name": "CVE-2025-40284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40284"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-40248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
},
{
"name": "CVE-2025-68303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68303"
},
{
"name": "CVE-2025-40259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40259"
},
{
"name": "CVE-2025-68168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68168"
},
{
"name": "CVE-2025-68301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68301"
},
{
"name": "CVE-2025-40297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40297"
},
{
"name": "CVE-2025-68217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68217"
},
{
"name": "CVE-2025-68289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68289"
},
{
"name": "CVE-2025-40363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40363"
},
{
"name": "CVE-2025-40253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
},
{
"name": "CVE-2025-68245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68245"
},
{
"name": "CVE-2025-40317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40317"
},
{
"name": "CVE-2025-68233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68233"
},
{
"name": "CVE-2025-68282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68282"
},
{
"name": "CVE-2025-68177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68177"
},
{
"name": "CVE-2025-68191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68191"
},
{
"name": "CVE-2025-40288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40288"
},
{
"name": "CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"name": "CVE-2025-40281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40281"
},
{
"name": "CVE-2025-68185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68185"
},
{
"name": "CVE-2025-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40304"
},
{
"name": "CVE-2025-40262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
},
{
"name": "CVE-2025-40261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
},
{
"name": "CVE-2025-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40323"
},
{
"name": "CVE-2025-68285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68285"
},
{
"name": "CVE-2025-40275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40275"
},
{
"name": "CVE-2025-68227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68227"
},
{
"name": "CVE-2025-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40319"
}
],
"initial_release_date": "2026-01-16T00:00:00",
"last_revision_date": "2026-01-16T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0057",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4436-1",
"url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00007.html"
}
]
}
CVE-2025-40343 (GCVE-0-2025-40343)
Vulnerability from cvelistv5 – Published: 2025-12-09 04:10 – Updated: 2026-05-11 21:47
VLAI
EPSS
Title
nvmet-fc: avoid scheduling association deletion twice
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet-fc: avoid scheduling association deletion twice
When forcefully shutting down a port via the configfs interface,
nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and
then nvmet_disable_port(). Both functions will eventually schedule all
remaining associations for deletion.
The current implementation checks whether an association is about to be
removed, but only after the work item has already been scheduled. As a
result, it is possible for the first scheduled work item to free all
resources, and then for the same work item to be scheduled again for
deletion.
Because the association list is an RCU list, it is not possible to take
a lock and remove the list entry directly, so it cannot be looked up
again. Instead, a flag (terminating) must be used to determine whether
the association is already in the process of being deleted.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a07b4970f464f13640e28e16dad6cfa33647cc99 , < 2f4852db87e25d4e226b25cb6f652fef9504360e
(git)
Affected: a07b4970f464f13640e28e16dad6cfa33647cc99 , < 85e2ce1920cb511d57aae59f0df6ff85b28bf04d (git) Affected: a07b4970f464f13640e28e16dad6cfa33647cc99 , < 601ed47b2363c24d948d7bac0c23abc8bd459570 (git) Affected: a07b4970f464f13640e28e16dad6cfa33647cc99 , < 04d17540ef51e2c291eb863ca87fd332259b2d40 (git) Affected: a07b4970f464f13640e28e16dad6cfa33647cc99 , < c09ac9a63fc3aaf4670ad7b5e4f5afd764424154 (git) Affected: a07b4970f464f13640e28e16dad6cfa33647cc99 , < f2537be4f8421f6495edfa0bc284d722f253841d (git) |
|
| Linux | Linux |
Affected:
4.8
Unaffected: 0 , < 4.8 (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/fc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f4852db87e25d4e226b25cb6f652fef9504360e",
"status": "affected",
"version": "a07b4970f464f13640e28e16dad6cfa33647cc99",
"versionType": "git"
},
{
"lessThan": "85e2ce1920cb511d57aae59f0df6ff85b28bf04d",
"status": "affected",
"version": "a07b4970f464f13640e28e16dad6cfa33647cc99",
"versionType": "git"
},
{
"lessThan": "601ed47b2363c24d948d7bac0c23abc8bd459570",
"status": "affected",
"version": "a07b4970f464f13640e28e16dad6cfa33647cc99",
"versionType": "git"
},
{
"lessThan": "04d17540ef51e2c291eb863ca87fd332259b2d40",
"status": "affected",
"version": "a07b4970f464f13640e28e16dad6cfa33647cc99",
"versionType": "git"
},
{
"lessThan": "c09ac9a63fc3aaf4670ad7b5e4f5afd764424154",
"status": "affected",
"version": "a07b4970f464f13640e28e16dad6cfa33647cc99",
"versionType": "git"
},
{
"lessThan": "f2537be4f8421f6495edfa0bc284d722f253841d",
"status": "affected",
"version": "a07b4970f464f13640e28e16dad6cfa33647cc99",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/fc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-fc: avoid scheduling association deletion twice\n\nWhen forcefully shutting down a port via the configfs interface,\nnvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and\nthen nvmet_disable_port(). Both functions will eventually schedule all\nremaining associations for deletion.\n\nThe current implementation checks whether an association is about to be\nremoved, but only after the work item has already been scheduled. As a\nresult, it is possible for the first scheduled work item to free all\nresources, and then for the same work item to be scheduled again for\ndeletion.\n\nBecause the association list is an RCU list, it is not possible to take\na lock and remove the list entry directly, so it cannot be looked up\nagain. Instead, a flag (terminating) must be used to determine whether\nthe association is already in the process of being deleted."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:47:31.912Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f4852db87e25d4e226b25cb6f652fef9504360e"
},
{
"url": "https://git.kernel.org/stable/c/85e2ce1920cb511d57aae59f0df6ff85b28bf04d"
},
{
"url": "https://git.kernel.org/stable/c/601ed47b2363c24d948d7bac0c23abc8bd459570"
},
{
"url": "https://git.kernel.org/stable/c/04d17540ef51e2c291eb863ca87fd332259b2d40"
},
{
"url": "https://git.kernel.org/stable/c/c09ac9a63fc3aaf4670ad7b5e4f5afd764424154"
},
{
"url": "https://git.kernel.org/stable/c/f2537be4f8421f6495edfa0bc284d722f253841d"
}
],
"title": "nvmet-fc: avoid scheduling association deletion twice",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40343",
"datePublished": "2025-12-09T04:10:00.973Z",
"dateReserved": "2025-04-16T07:20:57.187Z",
"dateUpdated": "2026-05-11T21:47:31.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40345 (GCVE-0-2025-40345)
Vulnerability from cvelistv5 – Published: 2025-12-12 17:53 – Updated: 2026-06-02 13:00
VLAI
EPSS
Title
usb: storage: sddr55: Reject out-of-bound new_pba
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: storage: sddr55: Reject out-of-bound new_pba
Discovered by Atuin - Automated Vulnerability Discovery Engine.
new_pba comes from the status packet returned after each write.
A bogus device could report values beyond the block count derived
from info->capacity, letting the driver walk off the end of
pba_to_lba[] and corrupt heap memory.
Reject PBAs that exceed the computed block count and fail the
transfer so we avoid touching out-of-range mapping entries.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d00a6c04a502cd52425dbf35588732c652b16490
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 26e9b5da3231da7dc357b363883b5b7b51a64092 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < aa64e0e17e3a5991a25e6a46007770c629039869 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 04a8a6393f3f2f471e05eacca33282dd30b01432 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a20f1dd19d21dcb70140ea5a71b1f8cbe0c7e68f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5ebe8d479aaf4f41ac35e6955332304193c646f6 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b59d4fda7e7d0aff1043a7f742487cb829f5aac1 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.10.247 , ≤ 5.10.* (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.119 , ≤ 6.6.* (semver) Unaffected: 6.12.61 , ≤ 6.12.* (semver) Unaffected: 6.17.11 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:00:22.057Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/sddr55.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d00a6c04a502cd52425dbf35588732c652b16490",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "26e9b5da3231da7dc357b363883b5b7b51a64092",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aa64e0e17e3a5991a25e6a46007770c629039869",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04a8a6393f3f2f471e05eacca33282dd30b01432",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a20f1dd19d21dcb70140ea5a71b1f8cbe0c7e68f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5ebe8d479aaf4f41ac35e6955332304193c646f6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b59d4fda7e7d0aff1043a7f742487cb829f5aac1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/sddr55.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.247",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.119",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.61",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: storage: sddr55: Reject out-of-bound new_pba\n\nDiscovered by Atuin - Automated Vulnerability Discovery Engine.\n\nnew_pba comes from the status packet returned after each write.\nA bogus device could report values beyond the block count derived\nfrom info-\u003ecapacity, letting the driver walk off the end of\npba_to_lba[] and corrupt heap memory.\n\nReject PBAs that exceed the computed block count and fail the\ntransfer so we avoid touching out-of-range mapping entries."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:47:34.193Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d00a6c04a502cd52425dbf35588732c652b16490"
},
{
"url": "https://git.kernel.org/stable/c/26e9b5da3231da7dc357b363883b5b7b51a64092"
},
{
"url": "https://git.kernel.org/stable/c/aa64e0e17e3a5991a25e6a46007770c629039869"
},
{
"url": "https://git.kernel.org/stable/c/04a8a6393f3f2f471e05eacca33282dd30b01432"
},
{
"url": "https://git.kernel.org/stable/c/a20f1dd19d21dcb70140ea5a71b1f8cbe0c7e68f"
},
{
"url": "https://git.kernel.org/stable/c/5ebe8d479aaf4f41ac35e6955332304193c646f6"
},
{
"url": "https://git.kernel.org/stable/c/b59d4fda7e7d0aff1043a7f742487cb829f5aac1"
}
],
"title": "usb: storage: sddr55: Reject out-of-bound new_pba",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40345",
"datePublished": "2025-12-12T17:53:06.853Z",
"dateReserved": "2025-04-16T07:20:57.187Z",
"dateUpdated": "2026-06-02T13:00:22.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40360 (GCVE-0-2025-40360)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:39 – Updated: 2026-05-11 21:47
VLAI
EPSS
Title
drm/sysfb: Do not dereference NULL pointer in plane reset
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/sysfb: Do not dereference NULL pointer in plane reset
The plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not
deref that pointer, but forward NULL to the other plane-reset helpers.
Clears plane->state to NULL.
v2:
- fix typo in commit description (Javier)
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b715650220311e50448cb499c71084ca8aeeeece , < 6abeff03cb79a2c7f4554a8e8738acd35bb37152
(git)
Affected: b715650220311e50448cb499c71084ca8aeeeece , < c4faf7f417eea8b8d5cc570a1015736f307aa2d5 (git) Affected: b715650220311e50448cb499c71084ca8aeeeece , < b61ed8005bd3102510fab5015ac6a275c9c5ea16 (git) Affected: b715650220311e50448cb499c71084ca8aeeeece , < 6bdef5648a60e49d4a3b02461ab7ae3776877e77 (git) Affected: b715650220311e50448cb499c71084ca8aeeeece , < c7d5e69866bbe95c1e4ab4c10a81e0a02d9ea232 (git) Affected: b715650220311e50448cb499c71084ca8aeeeece , < 14e02ed3876f4ab0ed6d3f41972175f8b8df3d70 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_gem_atomic_helper.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6abeff03cb79a2c7f4554a8e8738acd35bb37152",
"status": "affected",
"version": "b715650220311e50448cb499c71084ca8aeeeece",
"versionType": "git"
},
{
"lessThan": "c4faf7f417eea8b8d5cc570a1015736f307aa2d5",
"status": "affected",
"version": "b715650220311e50448cb499c71084ca8aeeeece",
"versionType": "git"
},
{
"lessThan": "b61ed8005bd3102510fab5015ac6a275c9c5ea16",
"status": "affected",
"version": "b715650220311e50448cb499c71084ca8aeeeece",
"versionType": "git"
},
{
"lessThan": "6bdef5648a60e49d4a3b02461ab7ae3776877e77",
"status": "affected",
"version": "b715650220311e50448cb499c71084ca8aeeeece",
"versionType": "git"
},
{
"lessThan": "c7d5e69866bbe95c1e4ab4c10a81e0a02d9ea232",
"status": "affected",
"version": "b715650220311e50448cb499c71084ca8aeeeece",
"versionType": "git"
},
{
"lessThan": "14e02ed3876f4ab0ed6d3f41972175f8b8df3d70",
"status": "affected",
"version": "b715650220311e50448cb499c71084ca8aeeeece",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_gem_atomic_helper.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sysfb: Do not dereference NULL pointer in plane reset\n\nThe plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not\nderef that pointer, but forward NULL to the other plane-reset helpers.\nClears plane-\u003estate to NULL.\n\nv2:\n- fix typo in commit description (Javier)"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:47:51.912Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6abeff03cb79a2c7f4554a8e8738acd35bb37152"
},
{
"url": "https://git.kernel.org/stable/c/c4faf7f417eea8b8d5cc570a1015736f307aa2d5"
},
{
"url": "https://git.kernel.org/stable/c/b61ed8005bd3102510fab5015ac6a275c9c5ea16"
},
{
"url": "https://git.kernel.org/stable/c/6bdef5648a60e49d4a3b02461ab7ae3776877e77"
},
{
"url": "https://git.kernel.org/stable/c/c7d5e69866bbe95c1e4ab4c10a81e0a02d9ea232"
},
{
"url": "https://git.kernel.org/stable/c/14e02ed3876f4ab0ed6d3f41972175f8b8df3d70"
}
],
"title": "drm/sysfb: Do not dereference NULL pointer in plane reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40360",
"datePublished": "2025-12-16T13:39:59.490Z",
"dateReserved": "2025-04-16T07:20:57.187Z",
"dateUpdated": "2026-05-11T21:47:51.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40363 (GCVE-0-2025-40363)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:40 – Updated: 2026-06-16 19:57
VLAI
EPSS
Title
net: ipv6: fix field-spanning memcpy warning in AH output
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix field-spanning memcpy warning in AH output
Fix field-spanning memcpy warnings in ah6_output() and
ah6_output_done() where extension headers are copied to/from IPv6
address fields, triggering fortify-string warnings about writes beyond
the 16-byte address fields.
memcpy: detected field-spanning write (size 40) of single field "&top_iph->saddr" at net/ipv6/ah6.c:439 (size 16)
WARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_output+0xe7e/0x14e0 net/ipv6/ah6.c:439
The warnings are false positives as the extension headers are
intentionally placed after the IPv6 header in memory. Fix by properly
copying addresses and extension headers separately, and introduce
helper functions to avoid code duplication.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2da805a61ef5272a2773775ce14c3650adb84248
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9bf27de51bd6db5ff827780ec0eba55de230ba45 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0bf756ae1e69fec5e6332c37830488315d6d771b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 75b16b2755e12999ad850756ddfb88ad4bfc7186 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f28dde240160f3c48a50d641d210ed6a3b9596ed (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c14cf41094136691c92ef756872570645d61f4a1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b056f971bd72b373b7ae2025a8f3bd18f69653d3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2327a3d6f65ce2fe2634546dde4a25ef52296fec (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.4.302 , ≤ 5.4.* (semver) Unaffected: 5.10.247 , ≤ 5.10.* (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T19:57:03.348828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T19:57:11.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ah6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2da805a61ef5272a2773775ce14c3650adb84248",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9bf27de51bd6db5ff827780ec0eba55de230ba45",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0bf756ae1e69fec5e6332c37830488315d6d771b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "75b16b2755e12999ad850756ddfb88ad4bfc7186",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f28dde240160f3c48a50d641d210ed6a3b9596ed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c14cf41094136691c92ef756872570645d61f4a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b056f971bd72b373b7ae2025a8f3bd18f69653d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2327a3d6f65ce2fe2634546dde4a25ef52296fec",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ah6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.302",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.247",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix field-spanning memcpy warning in AH output\n\nFix field-spanning memcpy warnings in ah6_output() and\nah6_output_done() where extension headers are copied to/from IPv6\naddress fields, triggering fortify-string warnings about writes beyond\nthe 16-byte address fields.\n\n memcpy: detected field-spanning write (size 40) of single field \"\u0026top_iph-\u003esaddr\" at net/ipv6/ah6.c:439 (size 16)\n WARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_output+0xe7e/0x14e0 net/ipv6/ah6.c:439\n\nThe warnings are false positives as the extension headers are\nintentionally placed after the IPv6 header in memory. Fix by properly\ncopying addresses and extension headers separately, and introduce\nhelper functions to avoid code duplication."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:47:54.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2da805a61ef5272a2773775ce14c3650adb84248"
},
{
"url": "https://git.kernel.org/stable/c/9bf27de51bd6db5ff827780ec0eba55de230ba45"
},
{
"url": "https://git.kernel.org/stable/c/0bf756ae1e69fec5e6332c37830488315d6d771b"
},
{
"url": "https://git.kernel.org/stable/c/75b16b2755e12999ad850756ddfb88ad4bfc7186"
},
{
"url": "https://git.kernel.org/stable/c/f28dde240160f3c48a50d641d210ed6a3b9596ed"
},
{
"url": "https://git.kernel.org/stable/c/c14cf41094136691c92ef756872570645d61f4a1"
},
{
"url": "https://git.kernel.org/stable/c/b056f971bd72b373b7ae2025a8f3bd18f69653d3"
},
{
"url": "https://git.kernel.org/stable/c/2327a3d6f65ce2fe2634546dde4a25ef52296fec"
}
],
"title": "net: ipv6: fix field-spanning memcpy warning in AH output",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40363",
"datePublished": "2025-12-16T13:40:03.265Z",
"dateReserved": "2025-04-16T07:20:57.187Z",
"dateUpdated": "2026-06-16T19:57:11.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68168 (GCVE-0-2025-68168)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:42 – Updated: 2026-05-23 16:02
VLAI
EPSS
Title
jfs: fix uninitialized waitqueue in transaction manager
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix uninitialized waitqueue in transaction manager
The transaction manager initialization in txInit() was not properly
initializing TxBlock[0].waitor waitqueue, causing a crash when
txEnd(0) is called on read-only filesystems.
When a filesystem is mounted read-only, txBegin() returns tid=0 to
indicate no transaction. However, txEnd(0) still gets called and
tries to access TxBlock[0].waitor via tid_to_tblock(0), but this
waitqueue was never initialized because the initialization loop
started at index 1 instead of 0.
This causes a 'non-static key' lockdep warning and system crash:
INFO: trying to register non-static key in txEnd
Fix by ensuring all transaction blocks including TxBlock[0] have
their waitqueues properly initialized during txInit().
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2a8807f9f511c64de0c7cc9900a1683e3d72a3e5 , < d6af7fce2e162ac68e85d3a11eb6ac8c35b24b64
(git)
Affected: 5c094ca994824e038b6a97835ded4e5d1d808504 , < 8cae9cf23e0bd424ac904e753639a587543ce03a (git) Affected: 2febd5f81e4bfba61d9f374dcca628aff374cc56 , < a2aa97cde9857f881920635a2e3d3b11769619c5 (git) Affected: aa7cdf487ab3fa47284daaccc3d7d5de01c6a84c , < d2dd7ca05a11685c314e62802a55e8d67a90e974 (git) Affected: 95e2b352c03b0a86c5717ba1d24ea20969abcacc , < 2a9575a372182ca075070b3cd77490dcf0c951e7 (git) Affected: 95e2b352c03b0a86c5717ba1d24ea20969abcacc , < cbf2f527ae4ca7c7dabce42e85e8deb58588a37e (git) Affected: 95e2b352c03b0a86c5717ba1d24ea20969abcacc , < 038861414ab383b41dd35abbf9ff0ef715592d53 (git) Affected: 95e2b352c03b0a86c5717ba1d24ea20969abcacc , < 300b072df72694ea330c4c673c035253e07827b8 (git) Affected: a88efca805bea93cea9187dfd00835aa7093bf1b (git) Affected: 97c1f26e4d4af55e8584e4646dd5c5fa7baf62c7 (git) Affected: b0ed8ed0428ee96092da6fefa5cfacbe4abed701 (git) Affected: 5.4.255 , < 5.4.302 (semver) Affected: 5.10.192 , < 5.10.247 (semver) Affected: 5.15.123 , < 5.15.197 (semver) Affected: 6.1.42 , < 6.1.159 (semver) Affected: 4.14.324 , < 4.15 (semver) Affected: 4.19.293 , < 4.20 (semver) Affected: 6.4.7 , < 6.5 (semver) |
|
| Linux | Linux |
Affected:
6.5
Unaffected: 0 , < 6.5 (semver) Unaffected: 5.4.302 , ≤ 5.4.* (semver) Unaffected: 5.10.247 , ≤ 5.10.* (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_txnmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d6af7fce2e162ac68e85d3a11eb6ac8c35b24b64",
"status": "affected",
"version": "2a8807f9f511c64de0c7cc9900a1683e3d72a3e5",
"versionType": "git"
},
{
"lessThan": "8cae9cf23e0bd424ac904e753639a587543ce03a",
"status": "affected",
"version": "5c094ca994824e038b6a97835ded4e5d1d808504",
"versionType": "git"
},
{
"lessThan": "a2aa97cde9857f881920635a2e3d3b11769619c5",
"status": "affected",
"version": "2febd5f81e4bfba61d9f374dcca628aff374cc56",
"versionType": "git"
},
{
"lessThan": "d2dd7ca05a11685c314e62802a55e8d67a90e974",
"status": "affected",
"version": "aa7cdf487ab3fa47284daaccc3d7d5de01c6a84c",
"versionType": "git"
},
{
"lessThan": "2a9575a372182ca075070b3cd77490dcf0c951e7",
"status": "affected",
"version": "95e2b352c03b0a86c5717ba1d24ea20969abcacc",
"versionType": "git"
},
{
"lessThan": "cbf2f527ae4ca7c7dabce42e85e8deb58588a37e",
"status": "affected",
"version": "95e2b352c03b0a86c5717ba1d24ea20969abcacc",
"versionType": "git"
},
{
"lessThan": "038861414ab383b41dd35abbf9ff0ef715592d53",
"status": "affected",
"version": "95e2b352c03b0a86c5717ba1d24ea20969abcacc",
"versionType": "git"
},
{
"lessThan": "300b072df72694ea330c4c673c035253e07827b8",
"status": "affected",
"version": "95e2b352c03b0a86c5717ba1d24ea20969abcacc",
"versionType": "git"
},
{
"status": "affected",
"version": "a88efca805bea93cea9187dfd00835aa7093bf1b",
"versionType": "git"
},
{
"status": "affected",
"version": "97c1f26e4d4af55e8584e4646dd5c5fa7baf62c7",
"versionType": "git"
},
{
"status": "affected",
"version": "b0ed8ed0428ee96092da6fefa5cfacbe4abed701",
"versionType": "git"
},
{
"lessThan": "5.4.302",
"status": "affected",
"version": "5.4.255",
"versionType": "semver"
},
{
"lessThan": "5.10.247",
"status": "affected",
"version": "5.10.192",
"versionType": "semver"
},
{
"lessThan": "5.15.197",
"status": "affected",
"version": "5.15.123",
"versionType": "semver"
},
{
"lessThan": "6.1.159",
"status": "affected",
"version": "6.1.42",
"versionType": "semver"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.324",
"versionType": "semver"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.293",
"versionType": "semver"
},
{
"lessThan": "6.5",
"status": "affected",
"version": "6.4.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_txnmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.302",
"versionStartIncluding": "5.4.255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.247",
"versionStartIncluding": "5.10.192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "5.15.123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "6.1.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uninitialized waitqueue in transaction manager\n\nThe transaction manager initialization in txInit() was not properly\ninitializing TxBlock[0].waitor waitqueue, causing a crash when\ntxEnd(0) is called on read-only filesystems.\n\nWhen a filesystem is mounted read-only, txBegin() returns tid=0 to\nindicate no transaction. However, txEnd(0) still gets called and\ntries to access TxBlock[0].waitor via tid_to_tblock(0), but this\nwaitqueue was never initialized because the initialization loop\nstarted at index 1 instead of 0.\n\nThis causes a \u0027non-static key\u0027 lockdep warning and system crash:\n INFO: trying to register non-static key in txEnd\n\nFix by ensuring all transaction blocks including TxBlock[0] have\ntheir waitqueues properly initialized during txInit()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:02:15.086Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d6af7fce2e162ac68e85d3a11eb6ac8c35b24b64"
},
{
"url": "https://git.kernel.org/stable/c/8cae9cf23e0bd424ac904e753639a587543ce03a"
},
{
"url": "https://git.kernel.org/stable/c/a2aa97cde9857f881920635a2e3d3b11769619c5"
},
{
"url": "https://git.kernel.org/stable/c/d2dd7ca05a11685c314e62802a55e8d67a90e974"
},
{
"url": "https://git.kernel.org/stable/c/2a9575a372182ca075070b3cd77490dcf0c951e7"
},
{
"url": "https://git.kernel.org/stable/c/cbf2f527ae4ca7c7dabce42e85e8deb58588a37e"
},
{
"url": "https://git.kernel.org/stable/c/038861414ab383b41dd35abbf9ff0ef715592d53"
},
{
"url": "https://git.kernel.org/stable/c/300b072df72694ea330c4c673c035253e07827b8"
}
],
"title": "jfs: fix uninitialized waitqueue in transaction manager",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68168",
"datePublished": "2025-12-16T13:42:48.350Z",
"dateReserved": "2025-12-16T13:41:40.250Z",
"dateUpdated": "2026-05-23T16:02:15.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68171 (GCVE-0-2025-68171)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:42 – Updated: 2026-05-11 21:48
VLAI
EPSS
Title
x86/fpu: Ensure XFD state on signal delivery
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Ensure XFD state on signal delivery
Sean reported [1] the following splat when running KVM tests:
WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70
Call Trace:
<TASK>
fpu__clear_user_states+0x9c/0x100
arch_do_signal_or_restart+0x142/0x210
exit_to_user_mode_loop+0x55/0x100
do_syscall_64+0x205/0x2c0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
Chao further identified [2] a reproducible scenario involving signal
delivery: a non-AMX task is preempted by an AMX-enabled task which
modifies the XFD MSR.
When the non-AMX task resumes and reloads XSTATE with init values,
a warning is triggered due to a mismatch between fpstate::xfd and the
CPU's current XFD state. fpu__clear_user_states() does not currently
re-synchronize the XFD state after such preemption.
Invoke xfd_update_state() which detects and corrects the mismatch if
there is a dynamic feature.
This also benefits the sigreturn path, as fpu__restore_sig() may call
fpu__clear_user_states() when the sigframe is inaccessible.
[ dhansen: minor changelog munging ]
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
672365477ae8afca5a1cca98c1deb733235e4525 , < eefbfb722042fc9210d2e0ac2b063fd1abf51895
(git)
Affected: 672365477ae8afca5a1cca98c1deb733235e4525 , < 1811c610653c0cd21cc9add14595b7cffaeca511 (git) Affected: 672365477ae8afca5a1cca98c1deb733235e4525 , < 5b2619b488f1d08b960c43c6468dd0759e8b3035 (git) Affected: 672365477ae8afca5a1cca98c1deb733235e4525 , < 3f735419c4b43cde42e6d408db39137b82474e31 (git) Affected: 672365477ae8afca5a1cca98c1deb733235e4525 , < 388eff894d6bc5f921e9bfff0e4b0ab2684a96e9 (git) |
|
| Linux | Linux |
Affected:
5.16
Unaffected: 0 , < 5.16 (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/fpu/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eefbfb722042fc9210d2e0ac2b063fd1abf51895",
"status": "affected",
"version": "672365477ae8afca5a1cca98c1deb733235e4525",
"versionType": "git"
},
{
"lessThan": "1811c610653c0cd21cc9add14595b7cffaeca511",
"status": "affected",
"version": "672365477ae8afca5a1cca98c1deb733235e4525",
"versionType": "git"
},
{
"lessThan": "5b2619b488f1d08b960c43c6468dd0759e8b3035",
"status": "affected",
"version": "672365477ae8afca5a1cca98c1deb733235e4525",
"versionType": "git"
},
{
"lessThan": "3f735419c4b43cde42e6d408db39137b82474e31",
"status": "affected",
"version": "672365477ae8afca5a1cca98c1deb733235e4525",
"versionType": "git"
},
{
"lessThan": "388eff894d6bc5f921e9bfff0e4b0ab2684a96e9",
"status": "affected",
"version": "672365477ae8afca5a1cca98c1deb733235e4525",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/fpu/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure XFD state on signal delivery\n\nSean reported [1] the following splat when running KVM tests:\n\n WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70\n Call Trace:\n \u003cTASK\u003e\n fpu__clear_user_states+0x9c/0x100\n arch_do_signal_or_restart+0x142/0x210\n exit_to_user_mode_loop+0x55/0x100\n do_syscall_64+0x205/0x2c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nChao further identified [2] a reproducible scenario involving signal\ndelivery: a non-AMX task is preempted by an AMX-enabled task which\nmodifies the XFD MSR.\n\nWhen the non-AMX task resumes and reloads XSTATE with init values,\na warning is triggered due to a mismatch between fpstate::xfd and the\nCPU\u0027s current XFD state. fpu__clear_user_states() does not currently\nre-synchronize the XFD state after such preemption.\n\nInvoke xfd_update_state() which detects and corrects the mismatch if\nthere is a dynamic feature.\n\nThis also benefits the sigreturn path, as fpu__restore_sig() may call\nfpu__clear_user_states() when the sigframe is inaccessible.\n\n[ dhansen: minor changelog munging ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:48:01.601Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eefbfb722042fc9210d2e0ac2b063fd1abf51895"
},
{
"url": "https://git.kernel.org/stable/c/1811c610653c0cd21cc9add14595b7cffaeca511"
},
{
"url": "https://git.kernel.org/stable/c/5b2619b488f1d08b960c43c6468dd0759e8b3035"
},
{
"url": "https://git.kernel.org/stable/c/3f735419c4b43cde42e6d408db39137b82474e31"
},
{
"url": "https://git.kernel.org/stable/c/388eff894d6bc5f921e9bfff0e4b0ab2684a96e9"
}
],
"title": "x86/fpu: Ensure XFD state on signal delivery",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68171",
"datePublished": "2025-12-16T13:42:51.121Z",
"dateReserved": "2025-12-16T13:41:40.251Z",
"dateUpdated": "2026-05-11T21:48:01.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68173 (GCVE-0-2025-68173)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:42 – Updated: 2026-05-11 21:48
VLAI
EPSS
Title
ftrace: Fix softlockup in ftrace_module_enable
Summary
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix softlockup in ftrace_module_enable
A soft lockup was observed when loading amdgpu module.
If a module has a lot of tracable functions, multiple calls
to kallsyms_lookup can spend too much time in RCU critical
section and with disabled preemption, causing kernel panic.
This is the same issue that was fixed in
commit d0b24b4e91fc ("ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY
kernels") and commit 42ea22e754ba ("ftrace: Add cond_resched() to
ftrace_graph_set_hash()").
Fix it the same way by adding cond_resched() in ftrace_module_enable.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c , < a1dd0abd741a8111260676da729825d6c1461a71
(git)
Affected: b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c , < e81e6d6d99b16dae11adbeda5c996317942a940c (git) Affected: b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c , < 40c8ee40e48a2c82c762539952ed8fc0571db5bf (git) Affected: b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c , < 7e3c96010ade29bb340a5bdce8675f50c7f59001 (git) Affected: b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c , < 4099b98203d6b33d990586542fa5beee408032a3 (git) |
|
| Linux | Linux |
Affected:
4.5
Unaffected: 0 , < 4.5 (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a1dd0abd741a8111260676da729825d6c1461a71",
"status": "affected",
"version": "b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c",
"versionType": "git"
},
{
"lessThan": "e81e6d6d99b16dae11adbeda5c996317942a940c",
"status": "affected",
"version": "b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c",
"versionType": "git"
},
{
"lessThan": "40c8ee40e48a2c82c762539952ed8fc0571db5bf",
"status": "affected",
"version": "b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c",
"versionType": "git"
},
{
"lessThan": "7e3c96010ade29bb340a5bdce8675f50c7f59001",
"status": "affected",
"version": "b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c",
"versionType": "git"
},
{
"lessThan": "4099b98203d6b33d990586542fa5beee408032a3",
"status": "affected",
"version": "b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix softlockup in ftrace_module_enable\n\nA soft lockup was observed when loading amdgpu module.\nIf a module has a lot of tracable functions, multiple calls\nto kallsyms_lookup can spend too much time in RCU critical\nsection and with disabled preemption, causing kernel panic.\nThis is the same issue that was fixed in\ncommit d0b24b4e91fc (\"ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY\nkernels\") and commit 42ea22e754ba (\"ftrace: Add cond_resched() to\nftrace_graph_set_hash()\").\n\nFix it the same way by adding cond_resched() in ftrace_module_enable."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:48:04.420Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a1dd0abd741a8111260676da729825d6c1461a71"
},
{
"url": "https://git.kernel.org/stable/c/e81e6d6d99b16dae11adbeda5c996317942a940c"
},
{
"url": "https://git.kernel.org/stable/c/40c8ee40e48a2c82c762539952ed8fc0571db5bf"
},
{
"url": "https://git.kernel.org/stable/c/7e3c96010ade29bb340a5bdce8675f50c7f59001"
},
{
"url": "https://git.kernel.org/stable/c/4099b98203d6b33d990586542fa5beee408032a3"
}
],
"title": "ftrace: Fix softlockup in ftrace_module_enable",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68173",
"datePublished": "2025-12-16T13:42:53.106Z",
"dateReserved": "2025-12-16T13:41:40.251Z",
"dateUpdated": "2026-05-11T21:48:04.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68176 (GCVE-0-2025-68176)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:42 – Updated: 2026-05-11 21:48
VLAI
EPSS
Title
PCI: cadence: Check for the existence of cdns_pcie::ops before using it
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: cadence: Check for the existence of cdns_pcie::ops before using it
cdns_pcie::ops might not be populated by all the Cadence glue drivers. This
is going to be true for the upcoming Sophgo platform which doesn't set the
ops.
Hence, add a check to prevent NULL pointer dereference.
[mani: reworded subject and description]
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
40d957e6f9eb3a8a585007b8b730340c829afbdb , < d5dbe92ac8a4ca6226093241f95f9cb1b0d2e0e1
(git)
Affected: 40d957e6f9eb3a8a585007b8b730340c829afbdb , < eb3d29ca0820fa3d7cccad47d2da56c9ab5469ed (git) Affected: 40d957e6f9eb3a8a585007b8b730340c829afbdb , < 0d0bb756f002810d249caee51f3f1c309f3cdab5 (git) Affected: 40d957e6f9eb3a8a585007b8b730340c829afbdb , < 1810b2fd7375de88a74976dcd402b29088e479ed (git) Affected: 40d957e6f9eb3a8a585007b8b730340c829afbdb , < 953eb3796ef06b8ea3bf6bdde14156255bc75866 (git) Affected: 40d957e6f9eb3a8a585007b8b730340c829afbdb , < 363448d069e29685ca37a118065121e486387af3 (git) Affected: 40d957e6f9eb3a8a585007b8b730340c829afbdb , < 49a6c160ad4812476f8ae1a8f4ed6d15adfa6c09 (git) |
|
| Linux | Linux |
Affected:
5.9
Unaffected: 0 , < 5.9 (semver) Unaffected: 5.10.247 , ≤ 5.10.* (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/cadence/pcie-cadence-host.c",
"drivers/pci/controller/cadence/pcie-cadence.c",
"drivers/pci/controller/cadence/pcie-cadence.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5dbe92ac8a4ca6226093241f95f9cb1b0d2e0e1",
"status": "affected",
"version": "40d957e6f9eb3a8a585007b8b730340c829afbdb",
"versionType": "git"
},
{
"lessThan": "eb3d29ca0820fa3d7cccad47d2da56c9ab5469ed",
"status": "affected",
"version": "40d957e6f9eb3a8a585007b8b730340c829afbdb",
"versionType": "git"
},
{
"lessThan": "0d0bb756f002810d249caee51f3f1c309f3cdab5",
"status": "affected",
"version": "40d957e6f9eb3a8a585007b8b730340c829afbdb",
"versionType": "git"
},
{
"lessThan": "1810b2fd7375de88a74976dcd402b29088e479ed",
"status": "affected",
"version": "40d957e6f9eb3a8a585007b8b730340c829afbdb",
"versionType": "git"
},
{
"lessThan": "953eb3796ef06b8ea3bf6bdde14156255bc75866",
"status": "affected",
"version": "40d957e6f9eb3a8a585007b8b730340c829afbdb",
"versionType": "git"
},
{
"lessThan": "363448d069e29685ca37a118065121e486387af3",
"status": "affected",
"version": "40d957e6f9eb3a8a585007b8b730340c829afbdb",
"versionType": "git"
},
{
"lessThan": "49a6c160ad4812476f8ae1a8f4ed6d15adfa6c09",
"status": "affected",
"version": "40d957e6f9eb3a8a585007b8b730340c829afbdb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/cadence/pcie-cadence-host.c",
"drivers/pci/controller/cadence/pcie-cadence.c",
"drivers/pci/controller/cadence/pcie-cadence.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.247",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: cadence: Check for the existence of cdns_pcie::ops before using it\n\ncdns_pcie::ops might not be populated by all the Cadence glue drivers. This\nis going to be true for the upcoming Sophgo platform which doesn\u0027t set the\nops.\n\nHence, add a check to prevent NULL pointer dereference.\n\n[mani: reworded subject and description]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:48:07.844Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5dbe92ac8a4ca6226093241f95f9cb1b0d2e0e1"
},
{
"url": "https://git.kernel.org/stable/c/eb3d29ca0820fa3d7cccad47d2da56c9ab5469ed"
},
{
"url": "https://git.kernel.org/stable/c/0d0bb756f002810d249caee51f3f1c309f3cdab5"
},
{
"url": "https://git.kernel.org/stable/c/1810b2fd7375de88a74976dcd402b29088e479ed"
},
{
"url": "https://git.kernel.org/stable/c/953eb3796ef06b8ea3bf6bdde14156255bc75866"
},
{
"url": "https://git.kernel.org/stable/c/363448d069e29685ca37a118065121e486387af3"
},
{
"url": "https://git.kernel.org/stable/c/49a6c160ad4812476f8ae1a8f4ed6d15adfa6c09"
}
],
"title": "PCI: cadence: Check for the existence of cdns_pcie::ops before using it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68176",
"datePublished": "2025-12-16T13:42:55.616Z",
"dateReserved": "2025-12-16T13:41:40.251Z",
"dateUpdated": "2026-05-11T21:48:07.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68177 (GCVE-0-2025-68177)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:42 – Updated: 2026-05-11 21:48
VLAI
EPSS
Title
cpufreq/longhaul: handle NULL policy in longhaul_exit
Summary
In the Linux kernel, the following vulnerability has been resolved:
cpufreq/longhaul: handle NULL policy in longhaul_exit
longhaul_exit() was calling cpufreq_cpu_get(0) without checking
for a NULL policy pointer. On some systems, this could lead to a
NULL dereference and a kernel warning or panic.
This patch adds a check using unlikely() and returns early if the
policy is NULL.
Bugzilla: #219962
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < b02352dd2e6cca98777714cc2a27553191df70db
(git)
Affected: b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < 956b56d17a89775e4957bbddefa45cd3c6c71000 (git) Affected: b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < 55cf586b9556863e3c2a45460aba71bcb2be5bcd (git) Affected: b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < fd93e1d71b3b14443092919be12b1abf08de35eb (git) Affected: b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < 8d6791c480f22d6e9a566eaa77336d3d37c5c591 (git) Affected: b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < 64adabb6d9d51b7e7c02fe733346a2c4dd738488 (git) Affected: b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < 809cf2a7794ca4c14c304b349f4c3ae220701ce4 (git) Affected: b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 , < 592532a77b736b5153e0c2e4c74aa50af0a352ab (git) |
|
| Linux | Linux |
Affected:
3.10
Unaffected: 0 , < 3.10 (semver) Unaffected: 5.4.302 , ≤ 5.4.* (semver) Unaffected: 5.10.247 , ≤ 5.10.* (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/longhaul.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b02352dd2e6cca98777714cc2a27553191df70db",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
},
{
"lessThan": "956b56d17a89775e4957bbddefa45cd3c6c71000",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
},
{
"lessThan": "55cf586b9556863e3c2a45460aba71bcb2be5bcd",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
},
{
"lessThan": "fd93e1d71b3b14443092919be12b1abf08de35eb",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
},
{
"lessThan": "8d6791c480f22d6e9a566eaa77336d3d37c5c591",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
},
{
"lessThan": "64adabb6d9d51b7e7c02fe733346a2c4dd738488",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
},
{
"lessThan": "809cf2a7794ca4c14c304b349f4c3ae220701ce4",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
},
{
"lessThan": "592532a77b736b5153e0c2e4c74aa50af0a352ab",
"status": "affected",
"version": "b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/longhaul.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.302",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.247",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq/longhaul: handle NULL policy in longhaul_exit\n\nlonghaul_exit() was calling cpufreq_cpu_get(0) without checking\nfor a NULL policy pointer. On some systems, this could lead to a\nNULL dereference and a kernel warning or panic.\n\nThis patch adds a check using unlikely() and returns early if the\npolicy is NULL.\n\nBugzilla: #219962"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:48:09.012Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db"
},
{
"url": "https://git.kernel.org/stable/c/956b56d17a89775e4957bbddefa45cd3c6c71000"
},
{
"url": "https://git.kernel.org/stable/c/55cf586b9556863e3c2a45460aba71bcb2be5bcd"
},
{
"url": "https://git.kernel.org/stable/c/fd93e1d71b3b14443092919be12b1abf08de35eb"
},
{
"url": "https://git.kernel.org/stable/c/8d6791c480f22d6e9a566eaa77336d3d37c5c591"
},
{
"url": "https://git.kernel.org/stable/c/64adabb6d9d51b7e7c02fe733346a2c4dd738488"
},
{
"url": "https://git.kernel.org/stable/c/809cf2a7794ca4c14c304b349f4c3ae220701ce4"
},
{
"url": "https://git.kernel.org/stable/c/592532a77b736b5153e0c2e4c74aa50af0a352ab"
}
],
"title": "cpufreq/longhaul: handle NULL policy in longhaul_exit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68177",
"datePublished": "2025-12-16T13:42:56.336Z",
"dateReserved": "2025-12-16T13:41:40.251Z",
"dateUpdated": "2026-05-11T21:48:09.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68185 (GCVE-0-2025-68185)
Vulnerability from cvelistv5 – Published: 2025-12-16 13:43 – Updated: 2026-06-16 19:21
VLAI
EPSS
Title
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
Theoretically it's an oopsable race, but I don't believe one can manage
to hit it on real hardware; might become doable on a KVM, but it still
won't be easy to attack.
Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of
put_unaligned_be64(), we can put that under ->d_lock and be done with that.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6025f641a0e30afdc5aa62017397b1860ad9f677
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e6cafe71eb3b5579b245ba1bd528a181e77f3df1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fa4daf7d11e45b72aad5d943a7ab991f869fff79 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 504b3fb9948a9e96ebbabdee0d33966a8bab15cb (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < eacfd08b26a062f1095b18719715bc82ad35312e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 40be5b9080114f18b0cea386db415b68a7273c1a (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f5e570eaab36a110c6ffda32b87c51170990c2d1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a890a2e339b929dbd843328f9a92a1625404fe63 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.4.302 , ≤ 5.4.* (semver) Unaffected: 5.10.247 , ≤ 5.10.* (semver) Unaffected: 5.15.197 , ≤ 5.15.* (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.58 , ≤ 6.12.* (semver) Unaffected: 6.17.8 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T19:21:00.664758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T19:21:22.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6025f641a0e30afdc5aa62017397b1860ad9f677",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e6cafe71eb3b5579b245ba1bd528a181e77f3df1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa4daf7d11e45b72aad5d943a7ab991f869fff79",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "504b3fb9948a9e96ebbabdee0d33966a8bab15cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eacfd08b26a062f1095b18719715bc82ad35312e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40be5b9080114f18b0cea386db415b68a7273c1a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f5e570eaab36a110c6ffda32b87c51170990c2d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a890a2e339b929dbd843328f9a92a1625404fe63",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.302",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.247",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.197",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4_setup_readdir(): insufficient locking for -\u003ed_parent-\u003ed_inode dereferencing\n\nTheoretically it\u0027s an oopsable race, but I don\u0027t believe one can manage\nto hit it on real hardware; might become doable on a KVM, but it still\nwon\u0027t be easy to attack.\n\nAnyway, it\u0027s easy to deal with - since xdr_encode_hyper() is just a call of\nput_unaligned_be64(), we can put that under -\u003ed_lock and be done with that."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:48:18.325Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6025f641a0e30afdc5aa62017397b1860ad9f677"
},
{
"url": "https://git.kernel.org/stable/c/e6cafe71eb3b5579b245ba1bd528a181e77f3df1"
},
{
"url": "https://git.kernel.org/stable/c/fa4daf7d11e45b72aad5d943a7ab991f869fff79"
},
{
"url": "https://git.kernel.org/stable/c/504b3fb9948a9e96ebbabdee0d33966a8bab15cb"
},
{
"url": "https://git.kernel.org/stable/c/eacfd08b26a062f1095b18719715bc82ad35312e"
},
{
"url": "https://git.kernel.org/stable/c/40be5b9080114f18b0cea386db415b68a7273c1a"
},
{
"url": "https://git.kernel.org/stable/c/f5e570eaab36a110c6ffda32b87c51170990c2d1"
},
{
"url": "https://git.kernel.org/stable/c/a890a2e339b929dbd843328f9a92a1625404fe63"
}
],
"title": "nfs4_setup_readdir(): insufficient locking for -\u003ed_parent-\u003ed_inode dereferencing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68185",
"datePublished": "2025-12-16T13:43:02.894Z",
"dateReserved": "2025-12-16T13:41:40.252Z",
"dateUpdated": "2026-06-16T19:21:22.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…