Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0522
Vulnerability from certfr_avis - Published: 2026-04-30 - Updated: 2026-04-30
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-71075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71075"
},
{
"name": "CVE-2025-71086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71086"
},
{
"name": "CVE-2025-71065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71065"
},
{
"name": "CVE-2025-68374",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68374"
},
{
"name": "CVE-2025-71094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71094"
},
{
"name": "CVE-2025-68788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68788"
},
{
"name": "CVE-2025-68778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68778"
},
{
"name": "CVE-2025-71064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71064"
},
{
"name": "CVE-2025-68741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68741"
},
{
"name": "CVE-2025-68795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68795"
},
{
"name": "CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"name": "CVE-2025-68380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68380"
},
{
"name": "CVE-2026-23269",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23269"
},
{
"name": "CVE-2021-47599",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47599"
},
{
"name": "CVE-2025-71071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71071"
},
{
"name": "CVE-2025-68728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68728"
},
{
"name": "CVE-2025-68364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68364"
},
{
"name": "CVE-2025-71087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71087"
},
{
"name": "CVE-2025-40019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
},
{
"name": "CVE-2025-71135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71135"
},
{
"name": "CVE-2025-68773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68773"
},
{
"name": "CVE-2025-71133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71133"
},
{
"name": "CVE-2025-68796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68796"
},
{
"name": "CVE-2025-68804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68804"
},
{
"name": "CVE-2025-68769",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68769"
},
{
"name": "CVE-2025-68794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68794"
},
{
"name": "CVE-2025-71088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71088"
},
{
"name": "CVE-2025-68806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68806"
},
{
"name": "CVE-2025-71098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71098"
},
{
"name": "CVE-2025-71078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71078"
},
{
"name": "CVE-2025-71083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71083"
},
{
"name": "CVE-2025-68813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68813"
},
{
"name": "CVE-2025-68265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68265"
},
{
"name": "CVE-2025-71085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71085"
},
{
"name": "CVE-2026-23268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23268"
},
{
"name": "CVE-2025-68344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68344"
},
{
"name": "CVE-2025-71154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71154"
},
{
"name": "CVE-2022-49046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49046"
},
{
"name": "CVE-2025-68257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68257"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2025-71084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71084"
},
{
"name": "CVE-2025-68347",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68347"
},
{
"name": "CVE-2025-68770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68770"
},
{
"name": "CVE-2025-68814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68814"
},
{
"name": "CVE-2025-68780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68780"
},
{
"name": "CVE-2025-71081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71081"
},
{
"name": "CVE-2026-23407",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23407"
},
{
"name": "CVE-2025-71121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71121"
},
{
"name": "CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2025-71136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71136"
},
{
"name": "CVE-2025-68354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68354"
},
{
"name": "CVE-2025-68801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68801"
},
{
"name": "CVE-2025-68258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68258"
},
{
"name": "CVE-2025-71138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71138"
},
{
"name": "CVE-2025-68291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68291"
},
{
"name": "CVE-2025-71122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71122"
},
{
"name": "CVE-2025-68763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68763"
},
{
"name": "CVE-2025-71144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71144"
},
{
"name": "CVE-2025-38234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38234"
},
{
"name": "CVE-2025-68255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68255"
},
{
"name": "CVE-2022-49698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49698"
},
{
"name": "CVE-2026-23406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23406"
},
{
"name": "CVE-2025-71093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71093"
},
{
"name": "CVE-2025-71102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71102"
},
{
"name": "CVE-2025-68759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68759"
},
{
"name": "CVE-2025-68733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68733"
},
{
"name": "CVE-2025-68335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68335"
},
{
"name": "CVE-2025-71079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71079"
},
{
"name": "CVE-2025-71153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71153"
},
{
"name": "CVE-2025-68772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68772"
},
{
"name": "CVE-2024-57795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57795"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2025-71143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71143"
},
{
"name": "CVE-2025-68785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68785"
},
{
"name": "CVE-2025-71130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71130"
},
{
"name": "CVE-2025-68808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68808"
},
{
"name": "CVE-2025-68783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68783"
},
{
"name": "CVE-2025-71147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71147"
},
{
"name": "CVE-2025-68724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68724"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"name": "CVE-2025-71126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71126"
},
{
"name": "CVE-2025-68786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68786"
},
{
"name": "CVE-2025-68797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68797"
},
{
"name": "CVE-2025-68259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68259"
},
{
"name": "CVE-2025-71125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71125"
},
{
"name": "CVE-2025-71108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71108"
},
{
"name": "CVE-2025-71069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71069"
},
{
"name": "CVE-2025-68774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68774"
},
{
"name": "CVE-2025-71082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71082"
},
{
"name": "CVE-2025-68765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68765"
},
{
"name": "CVE-2025-71132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71132"
},
{
"name": "CVE-2025-71077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71077"
},
{
"name": "CVE-2025-71140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71140"
},
{
"name": "CVE-2025-22111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22111"
},
{
"name": "CVE-2025-71114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71114"
},
{
"name": "CVE-2025-71067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71067"
},
{
"name": "CVE-2025-68744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68744"
},
{
"name": "CVE-2025-71151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71151"
},
{
"name": "CVE-2025-68821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68821"
},
{
"name": "CVE-2025-68325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68325"
},
{
"name": "CVE-2025-71089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71089"
},
{
"name": "CVE-2025-68332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68332"
},
{
"name": "CVE-2025-71104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71104"
},
{
"name": "CVE-2025-68378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68378"
},
{
"name": "CVE-2025-71141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71141"
},
{
"name": "CVE-2026-23410",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23410"
},
{
"name": "CVE-2025-71101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71101"
},
{
"name": "CVE-2025-68367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68367"
},
{
"name": "CVE-2025-68820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68820"
},
{
"name": "CVE-2025-68756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68756"
},
{
"name": "CVE-2025-68740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68740"
},
{
"name": "CVE-2025-68742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68742"
},
{
"name": "CVE-2025-68816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68816"
},
{
"name": "CVE-2025-68379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68379"
},
{
"name": "CVE-2025-68256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68256"
},
{
"name": "CVE-2025-68777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68777"
},
{
"name": "CVE-2025-68254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68254"
},
{
"name": "CVE-2025-71109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71109"
},
{
"name": "CVE-2025-71118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71118"
},
{
"name": "CVE-2025-71150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71150"
},
{
"name": "CVE-2025-68776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68776"
},
{
"name": "CVE-2025-71066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71066"
},
{
"name": "CVE-2025-68799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68799"
},
{
"name": "CVE-2025-68345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68345"
},
{
"name": "CVE-2025-71097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71097"
},
{
"name": "CVE-2025-71107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71107"
},
{
"name": "CVE-2025-71111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71111"
},
{
"name": "CVE-2025-68811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68811"
},
{
"name": "CVE-2025-68337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68337"
},
{
"name": "CVE-2026-23405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23405"
},
{
"name": "CVE-2025-71131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71131"
},
{
"name": "CVE-2025-21726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21726"
},
{
"name": "CVE-2026-23403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23403"
},
{
"name": "CVE-2025-40164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40164"
},
{
"name": "CVE-2025-71116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71116"
},
{
"name": "CVE-2025-68362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68362"
},
{
"name": "CVE-2025-68753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68753"
},
{
"name": "CVE-2025-68369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68369"
},
{
"name": "CVE-2025-68775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68775"
},
{
"name": "CVE-2025-71112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71112"
},
{
"name": "CVE-2025-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22022"
},
{
"name": "CVE-2025-68818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68818"
},
{
"name": "CVE-2025-71148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71148"
},
{
"name": "CVE-2025-68366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68366"
},
{
"name": "CVE-2024-36347",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36347"
},
{
"name": "CVE-2025-68815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68815"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-68346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68346"
},
{
"name": "CVE-2025-71096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71096"
},
{
"name": "CVE-2025-71095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71095"
},
{
"name": "CVE-2025-71105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71105"
},
{
"name": "CVE-2025-68266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68266"
},
{
"name": "CVE-2025-68771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68771"
},
{
"name": "CVE-2025-68363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68363"
},
{
"name": "CVE-2026-23411",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23411"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2025-68757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68757"
},
{
"name": "CVE-2025-71068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71068"
},
{
"name": "CVE-2026-23409",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23409"
},
{
"name": "CVE-2025-68766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68766"
},
{
"name": "CVE-2025-71123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71123"
},
{
"name": "CVE-2025-68206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68206"
},
{
"name": "CVE-2025-68372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68372"
},
{
"name": "CVE-2026-23404",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23404"
},
{
"name": "CVE-2025-71137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71137"
},
{
"name": "CVE-2025-68809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68809"
},
{
"name": "CVE-2025-71120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71120"
},
{
"name": "CVE-2026-23060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23060"
},
{
"name": "CVE-2025-68817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68817"
},
{
"name": "CVE-2025-71119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71119"
},
{
"name": "CVE-2025-68787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68787"
},
{
"name": "CVE-2025-68782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68782"
},
{
"name": "CVE-2025-68758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68758"
},
{
"name": "CVE-2025-71113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71113"
},
{
"name": "CVE-2025-71127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71127"
},
{
"name": "CVE-2025-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40325"
},
{
"name": "CVE-2025-68798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68798"
},
{
"name": "CVE-2025-68336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68336"
},
{
"name": "CVE-2025-68810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68810"
},
{
"name": "CVE-2025-68819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68819"
},
{
"name": "CVE-2025-71072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71072"
},
{
"name": "CVE-2025-68732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68732"
},
{
"name": "CVE-2025-37849",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37849"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2025-68371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68371"
},
{
"name": "CVE-2025-71091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71091"
},
{
"name": "CVE-2025-68263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68263"
},
{
"name": "CVE-2025-68800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
},
{
"name": "CVE-2025-68261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68261"
},
{
"name": "CVE-2025-68755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68755"
},
{
"name": "CVE-2025-71149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71149"
},
{
"name": "CVE-2025-68767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68767"
},
{
"name": "CVE-2025-68727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68727"
},
{
"name": "CVE-2025-68264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68264"
},
{
"name": "CVE-2025-68764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68764"
}
],
"initial_release_date": "2026-04-30T00:00:00",
"last_revision_date": "2026-04-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0522",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2026-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8185-2",
"url": "https://ubuntu.com/security/notices/USN-8185-2"
},
{
"published_at": "2026-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8224-1",
"url": "https://ubuntu.com/security/notices/USN-8224-1"
}
]
}
CVE-2025-68759 (GCVE-0-2025-68759)
Vulnerability from cvelistv5 – Published: 2026-01-05 09:32 – Updated: 2026-05-11 21:52
VLAI
EPSS
Title
wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA
allocations in a loop. When an allocation fails, the previously
successful allocations are not freed on exit.
Fix that by jumping to err_free_rings label on error, which calls
rtl8180_free_rx_ring() to free the allocations. Remove the free of
rx_ring in rtl8180_init_rx_ring() error path, and set the freed
priv->rx_buf entry to null, to avoid double free.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f653211197f3841f383fa9757ef8ce182c6cf627 , < 3677c01891fb0239361e444afee8398868e34bdf
(git)
Affected: f653211197f3841f383fa9757ef8ce182c6cf627 , < 89caaeee8dd95fae8bb4f4964e6fe3ca688500c4 (git) Affected: f653211197f3841f383fa9757ef8ce182c6cf627 , < a4fb7cca9837378878e6c94d9e7af019c8fdfcdb (git) Affected: f653211197f3841f383fa9757ef8ce182c6cf627 , < bf8513dfa31ea015c9cf415796dca2113d293840 (git) Affected: f653211197f3841f383fa9757ef8ce182c6cf627 , < ee7db11742b30641f21306105ad27a275e3c61d7 (git) Affected: f653211197f3841f383fa9757ef8ce182c6cf627 , < a813a74570212cb5f3a7d3b05c0cb0cd00bace1d (git) Affected: f653211197f3841f383fa9757ef8ce182c6cf627 , < c9d1c4152e6d32fa74034464854bee262a60bc43 (git) Affected: f653211197f3841f383fa9757ef8ce182c6cf627 , < 9b5b9c042b30befc5b37e4539ace95af70843473 (git) |
|
| Linux | Linux |
Affected:
2.6.25
Unaffected: 0 , < 2.6.25 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.63 , ≤ 6.12.* (semver) Unaffected: 6.17.13 , ≤ 6.17.* (semver) Unaffected: 6.18.2 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3677c01891fb0239361e444afee8398868e34bdf",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
},
{
"lessThan": "89caaeee8dd95fae8bb4f4964e6fe3ca688500c4",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
},
{
"lessThan": "a4fb7cca9837378878e6c94d9e7af019c8fdfcdb",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
},
{
"lessThan": "bf8513dfa31ea015c9cf415796dca2113d293840",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
},
{
"lessThan": "ee7db11742b30641f21306105ad27a275e3c61d7",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
},
{
"lessThan": "a813a74570212cb5f3a7d3b05c0cb0cd00bace1d",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
},
{
"lessThan": "c9d1c4152e6d32fa74034464854bee262a60bc43",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
},
{
"lessThan": "9b5b9c042b30befc5b37e4539ace95af70843473",
"status": "affected",
"version": "f653211197f3841f383fa9757ef8ce182c6cf627",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.63",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.13",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.2",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()\n\nIn rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA\nallocations in a loop. When an allocation fails, the previously\nsuccessful allocations are not freed on exit.\n\nFix that by jumping to err_free_rings label on error, which calls\nrtl8180_free_rx_ring() to free the allocations. Remove the free of\nrx_ring in rtl8180_init_rx_ring() error path, and set the freed\npriv-\u003erx_buf entry to null, to avoid double free."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:52:48.124Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3677c01891fb0239361e444afee8398868e34bdf"
},
{
"url": "https://git.kernel.org/stable/c/89caaeee8dd95fae8bb4f4964e6fe3ca688500c4"
},
{
"url": "https://git.kernel.org/stable/c/a4fb7cca9837378878e6c94d9e7af019c8fdfcdb"
},
{
"url": "https://git.kernel.org/stable/c/bf8513dfa31ea015c9cf415796dca2113d293840"
},
{
"url": "https://git.kernel.org/stable/c/ee7db11742b30641f21306105ad27a275e3c61d7"
},
{
"url": "https://git.kernel.org/stable/c/a813a74570212cb5f3a7d3b05c0cb0cd00bace1d"
},
{
"url": "https://git.kernel.org/stable/c/c9d1c4152e6d32fa74034464854bee262a60bc43"
},
{
"url": "https://git.kernel.org/stable/c/9b5b9c042b30befc5b37e4539ace95af70843473"
}
],
"title": "wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68759",
"datePublished": "2026-01-05T09:32:32.174Z",
"dateReserved": "2025-12-24T10:30:51.033Z",
"dateUpdated": "2026-05-11T21:52:48.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68763 (GCVE-0-2025-68763)
Vulnerability from cvelistv5 – Published: 2026-01-05 09:32 – Updated: 2026-05-11 21:52
VLAI
EPSS
Title
crypto: starfive - Correctly handle return of sg_nents_for_len
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value of sg_nents_for_len was assigned to an unsigned long
in starfive_hash_digest, causing negative error codes to be converted
to large positive integers.
Add error checking for sg_nents_for_len and return immediately on
failure to prevent potential buffer overflows.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 6cd14414394b4f3d6e1ed64b8241d1fcc2271820
(git)
Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 0c3854d65cc4402cb8c52d4d773450a06efecab6 (git) Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 1af5c973dd744e29fa22121f43e8646b7a7a71a7 (git) Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 9b3f71cf02e04cfaa482155e3078707fe7f8aef4 (git) Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < e9eb52037a529fbb307c290e9951a62dd728b03d (git) |
|
| Linux | Linux |
Affected:
6.5
Unaffected: 0 , < 6.5 (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.63 , ≤ 6.12.* (semver) Unaffected: 6.17.13 , ≤ 6.17.* (semver) Unaffected: 6.18.2 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/starfive/jh7110-hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6cd14414394b4f3d6e1ed64b8241d1fcc2271820",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "0c3854d65cc4402cb8c52d4d773450a06efecab6",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "1af5c973dd744e29fa22121f43e8646b7a7a71a7",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "9b3f71cf02e04cfaa482155e3078707fe7f8aef4",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "e9eb52037a529fbb307c290e9951a62dd728b03d",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/starfive/jh7110-hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.63",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.13",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.2",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Correctly handle return of sg_nents_for_len\n\nThe return value of sg_nents_for_len was assigned to an unsigned long\nin starfive_hash_digest, causing negative error codes to be converted\nto large positive integers.\n\nAdd error checking for sg_nents_for_len and return immediately on\nfailure to prevent potential buffer overflows."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:52:52.779Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6cd14414394b4f3d6e1ed64b8241d1fcc2271820"
},
{
"url": "https://git.kernel.org/stable/c/0c3854d65cc4402cb8c52d4d773450a06efecab6"
},
{
"url": "https://git.kernel.org/stable/c/1af5c973dd744e29fa22121f43e8646b7a7a71a7"
},
{
"url": "https://git.kernel.org/stable/c/9b3f71cf02e04cfaa482155e3078707fe7f8aef4"
},
{
"url": "https://git.kernel.org/stable/c/e9eb52037a529fbb307c290e9951a62dd728b03d"
}
],
"title": "crypto: starfive - Correctly handle return of sg_nents_for_len",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68763",
"datePublished": "2026-01-05T09:32:35.678Z",
"dateReserved": "2025-12-24T10:30:51.034Z",
"dateUpdated": "2026-05-11T21:52:52.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68764 (GCVE-0-2025-68764)
Vulnerability from cvelistv5 – Published: 2026-01-05 09:44 – Updated: 2026-06-16 16:52
VLAI
EPSS
Title
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
When a filesystem is being automounted, it needs to preserve the
user-set superblock mount options, such as the "ro" flag.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f2aedb713c284429987dc66c7aaf38decfc8da2a , < a3dc6c40bcab1a888d5c0d134ccc0746b4c98929
(git)
Affected: f2aedb713c284429987dc66c7aaf38decfc8da2a , < ba1495aefd22fcf0746a2a3025c95d766d7cde4d (git) Affected: f2aedb713c284429987dc66c7aaf38decfc8da2a , < c09070b4def1b34e473a746c6a5331ccb80902c1 (git) Affected: f2aedb713c284429987dc66c7aaf38decfc8da2a , < dce10c59211e5cd763a62ea01e79b82a629811e3 (git) Affected: f2aedb713c284429987dc66c7aaf38decfc8da2a , < 612cc98698d667df804792f0c47d4e501e66da29 (git) Affected: f2aedb713c284429987dc66c7aaf38decfc8da2a , < 4b296944e632cf4c6a4cc8e2585c6451eae47b1b (git) Affected: f2aedb713c284429987dc66c7aaf38decfc8da2a , < df9b003a2ecacc7218486fbb31fe008c93097d5f (git) Affected: f2aedb713c284429987dc66c7aaf38decfc8da2a , < 8675c69816e4276b979ff475ee5fac4688f80125 (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.63 , ≤ 6.12.* (semver) Unaffected: 6.17.13 , ≤ 6.17.* (semver) Unaffected: 6.18.2 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T16:51:54.569623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T16:52:07.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/namespace.c",
"fs/nfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a3dc6c40bcab1a888d5c0d134ccc0746b4c98929",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
},
{
"lessThan": "ba1495aefd22fcf0746a2a3025c95d766d7cde4d",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
},
{
"lessThan": "c09070b4def1b34e473a746c6a5331ccb80902c1",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
},
{
"lessThan": "dce10c59211e5cd763a62ea01e79b82a629811e3",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
},
{
"lessThan": "612cc98698d667df804792f0c47d4e501e66da29",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
},
{
"lessThan": "4b296944e632cf4c6a4cc8e2585c6451eae47b1b",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
},
{
"lessThan": "df9b003a2ecacc7218486fbb31fe008c93097d5f",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
},
{
"lessThan": "8675c69816e4276b979ff475ee5fac4688f80125",
"status": "affected",
"version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/namespace.c",
"fs/nfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.63",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.13",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.2",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags\n\nWhen a filesystem is being automounted, it needs to preserve the\nuser-set superblock mount options, such as the \"ro\" flag."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:52:53.912Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a3dc6c40bcab1a888d5c0d134ccc0746b4c98929"
},
{
"url": "https://git.kernel.org/stable/c/ba1495aefd22fcf0746a2a3025c95d766d7cde4d"
},
{
"url": "https://git.kernel.org/stable/c/c09070b4def1b34e473a746c6a5331ccb80902c1"
},
{
"url": "https://git.kernel.org/stable/c/dce10c59211e5cd763a62ea01e79b82a629811e3"
},
{
"url": "https://git.kernel.org/stable/c/612cc98698d667df804792f0c47d4e501e66da29"
},
{
"url": "https://git.kernel.org/stable/c/4b296944e632cf4c6a4cc8e2585c6451eae47b1b"
},
{
"url": "https://git.kernel.org/stable/c/df9b003a2ecacc7218486fbb31fe008c93097d5f"
},
{
"url": "https://git.kernel.org/stable/c/8675c69816e4276b979ff475ee5fac4688f80125"
}
],
"title": "NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68764",
"datePublished": "2026-01-05T09:44:12.518Z",
"dateReserved": "2025-12-24T10:30:51.034Z",
"dateUpdated": "2026-06-16T16:52:07.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68765 (GCVE-0-2025-68765)
Vulnerability from cvelistv5 – Published: 2026-01-05 09:44 – Updated: 2026-05-11 21:52
VLAI
EPSS
Title
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the
subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function
returns an error without freeing sskb, leading to a memory leak.
Fix this by calling dev_kfree_skb() on sskb in the error handling path
to ensure it is properly released.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
99c457d902cf90bdc0df5d57e6156ec108711068 , < d6c91fc732698642f70c688324c98551b97b412c
(git)
Affected: 99c457d902cf90bdc0df5d57e6156ec108711068 , < 594ff8bb69e239678a8baa461827ce4bb90eff8f (git) Affected: 99c457d902cf90bdc0df5d57e6156ec108711068 , < 1c3c234af9407256ed670c8752923a672eea4225 (git) Affected: 99c457d902cf90bdc0df5d57e6156ec108711068 , < 278bfed4529a0c9c9119f5a52ddafe69db61a75c (git) Affected: 99c457d902cf90bdc0df5d57e6156ec108711068 , < fb905e69941b44e03fe1a24e95328d45442b6d6d (git) Affected: 99c457d902cf90bdc0df5d57e6156ec108711068 , < 4d42aba0ee49c0aa015c50c4f2a07cf8fa1c3a49 (git) Affected: 99c457d902cf90bdc0df5d57e6156ec108711068 , < 53d1548612670aa8b5d89745116cc33d9d172863 (git) |
|
| Linux | Linux |
Affected:
5.7
Unaffected: 0 , < 5.7 (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.63 , ≤ 6.12.* (semver) Unaffected: 6.17.13 , ≤ 6.17.* (semver) Unaffected: 6.18.2 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7615/mcu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d6c91fc732698642f70c688324c98551b97b412c",
"status": "affected",
"version": "99c457d902cf90bdc0df5d57e6156ec108711068",
"versionType": "git"
},
{
"lessThan": "594ff8bb69e239678a8baa461827ce4bb90eff8f",
"status": "affected",
"version": "99c457d902cf90bdc0df5d57e6156ec108711068",
"versionType": "git"
},
{
"lessThan": "1c3c234af9407256ed670c8752923a672eea4225",
"status": "affected",
"version": "99c457d902cf90bdc0df5d57e6156ec108711068",
"versionType": "git"
},
{
"lessThan": "278bfed4529a0c9c9119f5a52ddafe69db61a75c",
"status": "affected",
"version": "99c457d902cf90bdc0df5d57e6156ec108711068",
"versionType": "git"
},
{
"lessThan": "fb905e69941b44e03fe1a24e95328d45442b6d6d",
"status": "affected",
"version": "99c457d902cf90bdc0df5d57e6156ec108711068",
"versionType": "git"
},
{
"lessThan": "4d42aba0ee49c0aa015c50c4f2a07cf8fa1c3a49",
"status": "affected",
"version": "99c457d902cf90bdc0df5d57e6156ec108711068",
"versionType": "git"
},
{
"lessThan": "53d1548612670aa8b5d89745116cc33d9d172863",
"status": "affected",
"version": "99c457d902cf90bdc0df5d57e6156ec108711068",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7615/mcu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.63",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.13",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()\n\nIn mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the\nsubsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function\nreturns an error without freeing sskb, leading to a memory leak.\n\nFix this by calling dev_kfree_skb() on sskb in the error handling path\nto ensure it is properly released."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:52:55.118Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d6c91fc732698642f70c688324c98551b97b412c"
},
{
"url": "https://git.kernel.org/stable/c/594ff8bb69e239678a8baa461827ce4bb90eff8f"
},
{
"url": "https://git.kernel.org/stable/c/1c3c234af9407256ed670c8752923a672eea4225"
},
{
"url": "https://git.kernel.org/stable/c/278bfed4529a0c9c9119f5a52ddafe69db61a75c"
},
{
"url": "https://git.kernel.org/stable/c/fb905e69941b44e03fe1a24e95328d45442b6d6d"
},
{
"url": "https://git.kernel.org/stable/c/4d42aba0ee49c0aa015c50c4f2a07cf8fa1c3a49"
},
{
"url": "https://git.kernel.org/stable/c/53d1548612670aa8b5d89745116cc33d9d172863"
}
],
"title": "mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68765",
"datePublished": "2026-01-05T09:44:13.242Z",
"dateReserved": "2025-12-24T10:30:51.034Z",
"dateUpdated": "2026-05-11T21:52:55.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68766 (GCVE-0-2025-68766)
Vulnerability from cvelistv5 – Published: 2026-01-05 09:44 – Updated: 2026-05-11 21:52
VLAI
EPSS
Title
irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then
it results in an out of bounds access.
The code checks for invalid values, but doesn't set the error code. Return
-EINVAL in that case, instead of returning success.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
00fa3461c86dd289b441d4d5a6bb236064bd207b , < 324c60a67c4b9668497940f667db14d216cc7b1b
(git)
Affected: 00fa3461c86dd289b441d4d5a6bb236064bd207b , < c21c606ad398eeb86a0f3aaff9ba4f2665e286c6 (git) Affected: 00fa3461c86dd289b441d4d5a6bb236064bd207b , < 3873afcb57614c1aaa5b6715554d6d1c22cac95a (git) Affected: 00fa3461c86dd289b441d4d5a6bb236064bd207b , < 09efe7cfbf919c4d763bc425473fcfee0dc98356 (git) Affected: 00fa3461c86dd289b441d4d5a6bb236064bd207b , < efd65e2e2fd96f7aaa5cb07d79bbbfcfc80aa552 (git) Affected: 00fa3461c86dd289b441d4d5a6bb236064bd207b , < 7dbc0d40d8347bd9de55c904f59ea44bcc8dedb7 (git) |
|
| Linux | Linux |
Affected:
5.16
Unaffected: 0 , < 5.16 (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.63 , ≤ 6.12.* (semver) Unaffected: 6.17.13 , ≤ 6.17.* (semver) Unaffected: 6.18.2 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-mchp-eic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "324c60a67c4b9668497940f667db14d216cc7b1b",
"status": "affected",
"version": "00fa3461c86dd289b441d4d5a6bb236064bd207b",
"versionType": "git"
},
{
"lessThan": "c21c606ad398eeb86a0f3aaff9ba4f2665e286c6",
"status": "affected",
"version": "00fa3461c86dd289b441d4d5a6bb236064bd207b",
"versionType": "git"
},
{
"lessThan": "3873afcb57614c1aaa5b6715554d6d1c22cac95a",
"status": "affected",
"version": "00fa3461c86dd289b441d4d5a6bb236064bd207b",
"versionType": "git"
},
{
"lessThan": "09efe7cfbf919c4d763bc425473fcfee0dc98356",
"status": "affected",
"version": "00fa3461c86dd289b441d4d5a6bb236064bd207b",
"versionType": "git"
},
{
"lessThan": "efd65e2e2fd96f7aaa5cb07d79bbbfcfc80aa552",
"status": "affected",
"version": "00fa3461c86dd289b441d4d5a6bb236064bd207b",
"versionType": "git"
},
{
"lessThan": "7dbc0d40d8347bd9de55c904f59ea44bcc8dedb7",
"status": "affected",
"version": "00fa3461c86dd289b441d4d5a6bb236064bd207b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-mchp-eic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.63",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()\n\nIf irq_domain_translate_twocell() sets \"hwirq\" to \u003e= MCHP_EIC_NIRQ (2) then\nit results in an out of bounds access.\n\nThe code checks for invalid values, but doesn\u0027t set the error code. Return\n-EINVAL in that case, instead of returning success."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:52:56.285Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/324c60a67c4b9668497940f667db14d216cc7b1b"
},
{
"url": "https://git.kernel.org/stable/c/c21c606ad398eeb86a0f3aaff9ba4f2665e286c6"
},
{
"url": "https://git.kernel.org/stable/c/3873afcb57614c1aaa5b6715554d6d1c22cac95a"
},
{
"url": "https://git.kernel.org/stable/c/09efe7cfbf919c4d763bc425473fcfee0dc98356"
},
{
"url": "https://git.kernel.org/stable/c/efd65e2e2fd96f7aaa5cb07d79bbbfcfc80aa552"
},
{
"url": "https://git.kernel.org/stable/c/7dbc0d40d8347bd9de55c904f59ea44bcc8dedb7"
}
],
"title": "irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68766",
"datePublished": "2026-01-05T09:44:13.935Z",
"dateReserved": "2025-12-24T10:30:51.034Z",
"dateUpdated": "2026-05-11T21:52:56.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68767 (GCVE-0-2025-68767)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:28 – Updated: 2026-05-11 21:52
VLAI
EPSS
Title
hfsplus: Verify inode mode when loading from disk
Summary
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: Verify inode mode when loading from disk
syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted.
According to [1], the permissions field was treated as reserved in Mac OS
8 and 9. According to [2], the reserved field was explicitly initialized
with 0, and that field must remain 0 as long as reserved. Therefore, when
the "mode" field is not 0 (i.e. no longer reserved), the file must be
S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/
S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6f768724aabd5b321c5b8f15acdca11e4781cf32
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d92333c7a35856e419500e7eed72dac1afa404a5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 001f44982587ad462b3002ee40c75e8df67d597d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 05ec9af3cc430683c97f76027e1c55ac6fd25c59 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < edfb2e602b5ba5ca6bf31cbac20b366efb72b156 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 91f114bffa36ce56d0e1f60a0a44fc09baaefc79 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 005d4b0d33f6b4a23d382b7930f7a96b95b01f39 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6f768724aabd5b321c5b8f15acdca11e4781cf32",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d92333c7a35856e419500e7eed72dac1afa404a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "001f44982587ad462b3002ee40c75e8df67d597d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "05ec9af3cc430683c97f76027e1c55ac6fd25c59",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "edfb2e602b5ba5ca6bf31cbac20b366efb72b156",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "91f114bffa36ce56d0e1f60a0a44fc09baaefc79",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "005d4b0d33f6b4a23d382b7930f7a96b95b01f39",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: Verify inode mode when loading from disk\n\nsyzbot is reporting that S_IFMT bits of inode-\u003ei_mode can become bogus when\nthe S_IFMT bits of the 16bits \"mode\" field loaded from disk are corrupted.\n\nAccording to [1], the permissions field was treated as reserved in Mac OS\n8 and 9. According to [2], the reserved field was explicitly initialized\nwith 0, and that field must remain 0 as long as reserved. Therefore, when\nthe \"mode\" field is not 0 (i.e. no longer reserved), the file must be\nS_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/\nS_IFBLK/S_IFIFO/S_IFSOCK if dir == 0."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:52:57.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6f768724aabd5b321c5b8f15acdca11e4781cf32"
},
{
"url": "https://git.kernel.org/stable/c/d92333c7a35856e419500e7eed72dac1afa404a5"
},
{
"url": "https://git.kernel.org/stable/c/001f44982587ad462b3002ee40c75e8df67d597d"
},
{
"url": "https://git.kernel.org/stable/c/05ec9af3cc430683c97f76027e1c55ac6fd25c59"
},
{
"url": "https://git.kernel.org/stable/c/edfb2e602b5ba5ca6bf31cbac20b366efb72b156"
},
{
"url": "https://git.kernel.org/stable/c/91f114bffa36ce56d0e1f60a0a44fc09baaefc79"
},
{
"url": "https://git.kernel.org/stable/c/005d4b0d33f6b4a23d382b7930f7a96b95b01f39"
}
],
"title": "hfsplus: Verify inode mode when loading from disk",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68767",
"datePublished": "2026-01-13T15:28:46.382Z",
"dateReserved": "2025-12-24T10:30:51.034Z",
"dateUpdated": "2026-05-11T21:52:57.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68769 (GCVE-0-2025-68769)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:28 – Updated: 2026-05-23 16:02
VLAI
EPSS
Title
f2fs: fix return value of f2fs_recover_fsync_data()
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix return value of f2fs_recover_fsync_data()
With below scripts, it will trigger panic in f2fs:
mkfs.f2fs -f /dev/vdd
mount /dev/vdd /mnt/f2fs
touch /mnt/f2fs/foo
sync
echo 111 >> /mnt/f2fs/foo
f2fs_io fsync /mnt/f2fs/foo
f2fs_io shutdown 2 /mnt/f2fs
umount /mnt/f2fs
mount -o ro,norecovery /dev/vdd /mnt/f2fs
or
mount -o ro,disable_roll_forward /dev/vdd /mnt/f2fs
F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
F2FS-fs (vdd): Mounted with checkpoint version = 7f5c361f
F2FS-fs (vdd): Stopped filesystem due to reason: 0
F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
Filesystem f2fs get_tree() didn't set fc->root, returned 1
------------[ cut here ]------------
kernel BUG at fs/super.c:1761!
Oops: invalid opcode: 0000 [#1] SMP PTI
CPU: 3 UID: 0 PID: 722 Comm: mount Not tainted 6.18.0-rc2+ #721 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:vfs_get_tree.cold+0x18/0x1a
Call Trace:
<TASK>
fc_mount+0x13/0xa0
path_mount+0x34e/0xc50
__x64_sys_mount+0x121/0x150
do_syscall_64+0x84/0x800
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fa6cc126cfe
The root cause is we missed to handle error number returned from
f2fs_recover_fsync_data() when mounting image w/ ro,norecovery or
ro,disable_roll_forward mount option, result in returning a positive
error number to vfs_get_tree(), fix it.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6781eabba1bdb133eb9125c4acf6704ccbe4df02 , < e6ac31abd30e9fd2ef5f0819ce7f3f932be3b725
(git)
Affected: 6781eabba1bdb133eb9125c4acf6704ccbe4df02 , < 0de4977a1eeafe9d77701e3c031a1bcdba389243 (git) Affected: 6781eabba1bdb133eb9125c4acf6704ccbe4df02 , < 9bc246018aaa3b46a7710428d0a2196c229f9d49 (git) Affected: 6781eabba1bdb133eb9125c4acf6704ccbe4df02 , < a4c67d96f92eefcfa5596a08f069e77b743c5865 (git) Affected: 6781eabba1bdb133eb9125c4acf6704ccbe4df02 , < 473550e715654ad7612aa490d583cb7c25fe2ff3 (git) Affected: 6781eabba1bdb133eb9125c4acf6704ccbe4df02 , < 4560db9678a2c5952b6205fbca468c6805c2ba2a (git) Affected: 6781eabba1bdb133eb9125c4acf6704ccbe4df02 , < 01fba45deaddcce0d0b01c411435d1acf6feab7b (git) Affected: 1499d39b74f5957e932639a86487ccea5a0a9740 (git) Affected: 4.4.172 , < 4.5 (semver) |
|
| Linux | Linux |
Affected:
4.7
Unaffected: 0 , < 4.7 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6ac31abd30e9fd2ef5f0819ce7f3f932be3b725",
"status": "affected",
"version": "6781eabba1bdb133eb9125c4acf6704ccbe4df02",
"versionType": "git"
},
{
"lessThan": "0de4977a1eeafe9d77701e3c031a1bcdba389243",
"status": "affected",
"version": "6781eabba1bdb133eb9125c4acf6704ccbe4df02",
"versionType": "git"
},
{
"lessThan": "9bc246018aaa3b46a7710428d0a2196c229f9d49",
"status": "affected",
"version": "6781eabba1bdb133eb9125c4acf6704ccbe4df02",
"versionType": "git"
},
{
"lessThan": "a4c67d96f92eefcfa5596a08f069e77b743c5865",
"status": "affected",
"version": "6781eabba1bdb133eb9125c4acf6704ccbe4df02",
"versionType": "git"
},
{
"lessThan": "473550e715654ad7612aa490d583cb7c25fe2ff3",
"status": "affected",
"version": "6781eabba1bdb133eb9125c4acf6704ccbe4df02",
"versionType": "git"
},
{
"lessThan": "4560db9678a2c5952b6205fbca468c6805c2ba2a",
"status": "affected",
"version": "6781eabba1bdb133eb9125c4acf6704ccbe4df02",
"versionType": "git"
},
{
"lessThan": "01fba45deaddcce0d0b01c411435d1acf6feab7b",
"status": "affected",
"version": "6781eabba1bdb133eb9125c4acf6704ccbe4df02",
"versionType": "git"
},
{
"status": "affected",
"version": "1499d39b74f5957e932639a86487ccea5a0a9740",
"versionType": "git"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.172",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_recover_fsync_data()\n\nWith below scripts, it will trigger panic in f2fs:\n\nmkfs.f2fs -f /dev/vdd\nmount /dev/vdd /mnt/f2fs\ntouch /mnt/f2fs/foo\nsync\necho 111 \u003e\u003e /mnt/f2fs/foo\nf2fs_io fsync /mnt/f2fs/foo\nf2fs_io shutdown 2 /mnt/f2fs\numount /mnt/f2fs\nmount -o ro,norecovery /dev/vdd /mnt/f2fs\nor\nmount -o ro,disable_roll_forward /dev/vdd /mnt/f2fs\n\nF2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 0\nF2FS-fs (vdd): Mounted with checkpoint version = 7f5c361f\nF2FS-fs (vdd): Stopped filesystem due to reason: 0\nF2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 1\nFilesystem f2fs get_tree() didn\u0027t set fc-\u003eroot, returned 1\n------------[ cut here ]------------\nkernel BUG at fs/super.c:1761!\nOops: invalid opcode: 0000 [#1] SMP PTI\nCPU: 3 UID: 0 PID: 722 Comm: mount Not tainted 6.18.0-rc2+ #721 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:vfs_get_tree.cold+0x18/0x1a\nCall Trace:\n \u003cTASK\u003e\n fc_mount+0x13/0xa0\n path_mount+0x34e/0xc50\n __x64_sys_mount+0x121/0x150\n do_syscall_64+0x84/0x800\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fa6cc126cfe\n\nThe root cause is we missed to handle error number returned from\nf2fs_recover_fsync_data() when mounting image w/ ro,norecovery or\nro,disable_roll_forward mount option, result in returning a positive\nerror number to vfs_get_tree(), fix it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:02:51.005Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6ac31abd30e9fd2ef5f0819ce7f3f932be3b725"
},
{
"url": "https://git.kernel.org/stable/c/0de4977a1eeafe9d77701e3c031a1bcdba389243"
},
{
"url": "https://git.kernel.org/stable/c/9bc246018aaa3b46a7710428d0a2196c229f9d49"
},
{
"url": "https://git.kernel.org/stable/c/a4c67d96f92eefcfa5596a08f069e77b743c5865"
},
{
"url": "https://git.kernel.org/stable/c/473550e715654ad7612aa490d583cb7c25fe2ff3"
},
{
"url": "https://git.kernel.org/stable/c/4560db9678a2c5952b6205fbca468c6805c2ba2a"
},
{
"url": "https://git.kernel.org/stable/c/01fba45deaddcce0d0b01c411435d1acf6feab7b"
}
],
"title": "f2fs: fix return value of f2fs_recover_fsync_data()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68769",
"datePublished": "2026-01-13T15:28:47.798Z",
"dateReserved": "2025-12-24T10:30:51.034Z",
"dateUpdated": "2026-05-23T16:02:51.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68770 (GCVE-0-2025-68770)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:28 – Updated: 2026-05-11 21:53
VLAI
EPSS
Title
bnxt_en: Fix XDP_TX path
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix XDP_TX path
For XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not
correct. __bnxt_poll_work() -> bnxt_rx_pkt() -> bnxt_rx_xdp() may be
looping within NAPI and some event flags may be set in earlier
iterations. In particular, if BNXT_TX_EVENT is set earlier indicating
some XDP_TX packets are ready and pending, it will be cleared if it is
XDP_TX action again. Normally, we will set BNXT_TX_EVENT again when we
successfully call __bnxt_xmit_xdp(). But if the TX ring has no more
room, the flag will not be set. This will cause the TX producer to be
ahead but the driver will not hit the TX doorbell.
For multi-buf XDP_TX, there is no need to clear the event flags and set
BNXT_AGG_EVENT. The BNXT_AGG_EVENT flag should have been set earlier in
bnxt_rx_pkt().
The visible symptom of this is that the RX ring associated with the
TX XDP ring will eventually become empty and all packets will be dropped.
Because this condition will cause the driver to not refill the RX ring
seeing that the TX ring has forever pending XDP_TX packets.
The fix is to only clear BNXT_RX_EVENT when we have successfully
called __bnxt_xmit_xdp().
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7f0a168b0441ef7fd6b46563efb2706c58ac2a4c , < 4b83902a1e67ff327ab5c6c65021a03e72c081d6
(git)
Affected: 7f0a168b0441ef7fd6b46563efb2706c58ac2a4c , < f17e0c1208485b24d61271bc1ddc8f2087e71561 (git) Affected: 7f0a168b0441ef7fd6b46563efb2706c58ac2a4c , < 0373d5c387f24de749cc22e694a14b3a7c7eb515 (git) |
|
| Linux | Linux |
Affected:
6.8
Unaffected: 0 , < 6.8 (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4b83902a1e67ff327ab5c6c65021a03e72c081d6",
"status": "affected",
"version": "7f0a168b0441ef7fd6b46563efb2706c58ac2a4c",
"versionType": "git"
},
{
"lessThan": "f17e0c1208485b24d61271bc1ddc8f2087e71561",
"status": "affected",
"version": "7f0a168b0441ef7fd6b46563efb2706c58ac2a4c",
"versionType": "git"
},
{
"lessThan": "0373d5c387f24de749cc22e694a14b3a7c7eb515",
"status": "affected",
"version": "7f0a168b0441ef7fd6b46563efb2706c58ac2a4c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix XDP_TX path\n\nFor XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not\ncorrect. __bnxt_poll_work() -\u003e bnxt_rx_pkt() -\u003e bnxt_rx_xdp() may be\nlooping within NAPI and some event flags may be set in earlier\niterations. In particular, if BNXT_TX_EVENT is set earlier indicating\nsome XDP_TX packets are ready and pending, it will be cleared if it is\nXDP_TX action again. Normally, we will set BNXT_TX_EVENT again when we\nsuccessfully call __bnxt_xmit_xdp(). But if the TX ring has no more\nroom, the flag will not be set. This will cause the TX producer to be\nahead but the driver will not hit the TX doorbell.\n\nFor multi-buf XDP_TX, there is no need to clear the event flags and set\nBNXT_AGG_EVENT. The BNXT_AGG_EVENT flag should have been set earlier in\nbnxt_rx_pkt().\n\nThe visible symptom of this is that the RX ring associated with the\nTX XDP ring will eventually become empty and all packets will be dropped.\nBecause this condition will cause the driver to not refill the RX ring\nseeing that the TX ring has forever pending XDP_TX packets.\n\nThe fix is to only clear BNXT_RX_EVENT when we have successfully\ncalled __bnxt_xmit_xdp()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:53:00.881Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b83902a1e67ff327ab5c6c65021a03e72c081d6"
},
{
"url": "https://git.kernel.org/stable/c/f17e0c1208485b24d61271bc1ddc8f2087e71561"
},
{
"url": "https://git.kernel.org/stable/c/0373d5c387f24de749cc22e694a14b3a7c7eb515"
}
],
"title": "bnxt_en: Fix XDP_TX path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68770",
"datePublished": "2026-01-13T15:28:48.604Z",
"dateReserved": "2025-12-24T10:30:51.035Z",
"dateUpdated": "2026-05-11T21:53:00.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68771 (GCVE-0-2025-68771)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:28 – Updated: 2026-05-11 21:53
VLAI
EPSS
Title
ocfs2: fix kernel BUG in ocfs2_find_victim_chain
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix kernel BUG in ocfs2_find_victim_chain
syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the
`cl_next_free_rec` field of the allocation chain list (next free slot in
the chain list) is 0, triggring the BUG_ON(!cl->cl_next_free_rec)
condition in ocfs2_find_victim_chain() and panicking the kernel.
To fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(),
just before calling ocfs2_find_victim_chain(), the code block in it being
executed when either of the following conditions is true:
1. `cl_next_free_rec` is equal to 0, indicating that there are no free
chains in the allocation chain list
2. `cl_next_free_rec` is greater than `cl_count` (the total number of
chains in the allocation chain list)
Either of them being true is indicative of the fact that there are no
chains left for usage.
This is addressed using ocfs2_error(), which prints
the error log for debugging purposes, rather than panicking the kernel.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ccd979bdbce9fba8412beb3f1de68a9d0171b12c , < 1f77e5cd563e6387fdf3bb714fcda36cd88ac5e7
(git)
Affected: ccd979bdbce9fba8412beb3f1de68a9d0171b12c , < d0fd1f732ea8063cecd07a3879b7d815c7ee71ed (git) Affected: ccd979bdbce9fba8412beb3f1de68a9d0171b12c , < b08a33d5f80efe6979a6e8f905c1a898910c21dd (git) Affected: ccd979bdbce9fba8412beb3f1de68a9d0171b12c , < 96f1b074c98c20f55a3b23d2ab44d9fb0f619869 (git) Affected: ccd979bdbce9fba8412beb3f1de68a9d0171b12c , < e24aedae71652d4119049f1fbef6532ccbe3966d (git) Affected: ccd979bdbce9fba8412beb3f1de68a9d0171b12c , < 7acc0390e0dd7474c4451d05465a677d55ad4268 (git) Affected: ccd979bdbce9fba8412beb3f1de68a9d0171b12c , < 039bef30e320827bac8990c9f29d2a68cd8adb5f (git) |
|
| Linux | Linux |
Affected:
2.6.16
Unaffected: 0 , < 2.6.16 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/suballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f77e5cd563e6387fdf3bb714fcda36cd88ac5e7",
"status": "affected",
"version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"versionType": "git"
},
{
"lessThan": "d0fd1f732ea8063cecd07a3879b7d815c7ee71ed",
"status": "affected",
"version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"versionType": "git"
},
{
"lessThan": "b08a33d5f80efe6979a6e8f905c1a898910c21dd",
"status": "affected",
"version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"versionType": "git"
},
{
"lessThan": "96f1b074c98c20f55a3b23d2ab44d9fb0f619869",
"status": "affected",
"version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"versionType": "git"
},
{
"lessThan": "e24aedae71652d4119049f1fbef6532ccbe3966d",
"status": "affected",
"version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"versionType": "git"
},
{
"lessThan": "7acc0390e0dd7474c4451d05465a677d55ad4268",
"status": "affected",
"version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"versionType": "git"
},
{
"lessThan": "039bef30e320827bac8990c9f29d2a68cd8adb5f",
"status": "affected",
"version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/suballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.16"
},
{
"lessThan": "2.6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix kernel BUG in ocfs2_find_victim_chain\n\nsyzbot reported a kernel BUG in ocfs2_find_victim_chain() because the\n`cl_next_free_rec` field of the allocation chain list (next free slot in\nthe chain list) is 0, triggring the BUG_ON(!cl-\u003ecl_next_free_rec)\ncondition in ocfs2_find_victim_chain() and panicking the kernel.\n\nTo fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(),\njust before calling ocfs2_find_victim_chain(), the code block in it being\nexecuted when either of the following conditions is true:\n\n1. `cl_next_free_rec` is equal to 0, indicating that there are no free\nchains in the allocation chain list\n2. `cl_next_free_rec` is greater than `cl_count` (the total number of\nchains in the allocation chain list)\n\nEither of them being true is indicative of the fact that there are no\nchains left for usage.\n\nThis is addressed using ocfs2_error(), which prints\nthe error log for debugging purposes, rather than panicking the kernel."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:53:02.168Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f77e5cd563e6387fdf3bb714fcda36cd88ac5e7"
},
{
"url": "https://git.kernel.org/stable/c/d0fd1f732ea8063cecd07a3879b7d815c7ee71ed"
},
{
"url": "https://git.kernel.org/stable/c/b08a33d5f80efe6979a6e8f905c1a898910c21dd"
},
{
"url": "https://git.kernel.org/stable/c/96f1b074c98c20f55a3b23d2ab44d9fb0f619869"
},
{
"url": "https://git.kernel.org/stable/c/e24aedae71652d4119049f1fbef6532ccbe3966d"
},
{
"url": "https://git.kernel.org/stable/c/7acc0390e0dd7474c4451d05465a677d55ad4268"
},
{
"url": "https://git.kernel.org/stable/c/039bef30e320827bac8990c9f29d2a68cd8adb5f"
}
],
"title": "ocfs2: fix kernel BUG in ocfs2_find_victim_chain",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68771",
"datePublished": "2026-01-13T15:28:49.272Z",
"dateReserved": "2025-12-24T10:30:51.035Z",
"dateUpdated": "2026-05-11T21:53:02.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68772 (GCVE-0-2025-68772)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:28 – Updated: 2026-05-11 21:53
VLAI
EPSS
Title
f2fs: fix to avoid updating compression context during writeback
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid updating compression context during writeback
Bai, Shuangpeng <sjb7183@psu.edu> reported a bug as below:
Oops: divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:f2fs_all_cluster_page_ready+0x106/0x550 fs/f2fs/compress.c:857
Call Trace:
<TASK>
f2fs_write_cache_pages fs/f2fs/data.c:3078 [inline]
__f2fs_write_data_pages fs/f2fs/data.c:3290 [inline]
f2fs_write_data_pages+0x1c19/0x3600 fs/f2fs/data.c:3317
do_writepages+0x38e/0x640 mm/page-writeback.c:2634
filemap_fdatawrite_wbc mm/filemap.c:386 [inline]
__filemap_fdatawrite_range mm/filemap.c:419 [inline]
file_write_and_wait_range+0x2ba/0x3e0 mm/filemap.c:794
f2fs_do_sync_file+0x6e6/0x1b00 fs/f2fs/file.c:294
generic_write_sync include/linux/fs.h:3043 [inline]
f2fs_file_write_iter+0x76e/0x2700 fs/f2fs/file.c:5259
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x7e9/0xe00 fs/read_write.c:686
ksys_write+0x19d/0x2d0 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf7/0x470 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The bug was triggered w/ below race condition:
fsync setattr ioctl
- f2fs_do_sync_file
- file_write_and_wait_range
- f2fs_write_cache_pages
: inode is non-compressed
: cc.cluster_size =
F2FS_I(inode)->i_cluster_size = 0
- tag_pages_for_writeback
- f2fs_setattr
- truncate_setsize
- f2fs_truncate
- f2fs_fileattr_set
- f2fs_setflags_common
- set_compress_context
: F2FS_I(inode)->i_cluster_size = 4
: set_inode_flag(inode, FI_COMPRESSED_FILE)
- f2fs_compressed_file
: return true
- f2fs_all_cluster_page_ready
: "pgidx % cc->cluster_size" trigger dividing 0 issue
Let's change as below to fix this issue:
- introduce a new atomic type variable .writeback in structure f2fs_inode_info
to track the number of threads which calling f2fs_write_cache_pages().
- use .i_sem lock to protect .writeback update.
- check .writeback before update compression context in f2fs_setflags_common()
to avoid race w/ ->writepages.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < ad26bfbc085c939b5dca77ff8c14798c06d151c4
(git)
Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < bcd0086ee5a2e88c1224ff2ec1e4a43c83efe5a0 (git) Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < 0bf1a02494c7eb5bd43445de4c83c8592e02c4bf (git) Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < 0df713a9c082a474c8b0bcf670edc8e98461d5a0 (git) Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < 10b591e7fb7cdc8c1e53e9c000dc0ef7069aaa76 (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c",
"fs/f2fs/f2fs.h",
"fs/f2fs/file.c",
"fs/f2fs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad26bfbc085c939b5dca77ff8c14798c06d151c4",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "bcd0086ee5a2e88c1224ff2ec1e4a43c83efe5a0",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "0bf1a02494c7eb5bd43445de4c83c8592e02c4bf",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "0df713a9c082a474c8b0bcf670edc8e98461d5a0",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "10b591e7fb7cdc8c1e53e9c000dc0ef7069aaa76",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c",
"fs/f2fs/f2fs.h",
"fs/f2fs/file.c",
"fs/f2fs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid updating compression context during writeback\n\nBai, Shuangpeng \u003csjb7183@psu.edu\u003e reported a bug as below:\n\nOops: divide error: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:f2fs_all_cluster_page_ready+0x106/0x550 fs/f2fs/compress.c:857\nCall Trace:\n \u003cTASK\u003e\n f2fs_write_cache_pages fs/f2fs/data.c:3078 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3290 [inline]\n f2fs_write_data_pages+0x1c19/0x3600 fs/f2fs/data.c:3317\n do_writepages+0x38e/0x640 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc mm/filemap.c:386 [inline]\n __filemap_fdatawrite_range mm/filemap.c:419 [inline]\n file_write_and_wait_range+0x2ba/0x3e0 mm/filemap.c:794\n f2fs_do_sync_file+0x6e6/0x1b00 fs/f2fs/file.c:294\n generic_write_sync include/linux/fs.h:3043 [inline]\n f2fs_file_write_iter+0x76e/0x2700 fs/f2fs/file.c:5259\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x7e9/0xe00 fs/read_write.c:686\n ksys_write+0x19d/0x2d0 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf7/0x470 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe bug was triggered w/ below race condition:\n\nfsync\t\t\t\tsetattr\t\t\tioctl\n- f2fs_do_sync_file\n - file_write_and_wait_range\n - f2fs_write_cache_pages\n : inode is non-compressed\n : cc.cluster_size =\n F2FS_I(inode)-\u003ei_cluster_size = 0\n - tag_pages_for_writeback\n\t\t\t\t- f2fs_setattr\n\t\t\t\t - truncate_setsize\n\t\t\t\t - f2fs_truncate\n\t\t\t\t\t\t\t- f2fs_fileattr_set\n\t\t\t\t\t\t\t - f2fs_setflags_common\n\t\t\t\t\t\t\t - set_compress_context\n\t\t\t\t\t\t\t : F2FS_I(inode)-\u003ei_cluster_size = 4\n\t\t\t\t\t\t\t : set_inode_flag(inode, FI_COMPRESSED_FILE)\n - f2fs_compressed_file\n : return true\n - f2fs_all_cluster_page_ready\n : \"pgidx % cc-\u003ecluster_size\" trigger dividing 0 issue\n\nLet\u0027s change as below to fix this issue:\n- introduce a new atomic type variable .writeback in structure f2fs_inode_info\nto track the number of threads which calling f2fs_write_cache_pages().\n- use .i_sem lock to protect .writeback update.\n- check .writeback before update compression context in f2fs_setflags_common()\nto avoid race w/ -\u003ewritepages."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:53:03.304Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad26bfbc085c939b5dca77ff8c14798c06d151c4"
},
{
"url": "https://git.kernel.org/stable/c/bcd0086ee5a2e88c1224ff2ec1e4a43c83efe5a0"
},
{
"url": "https://git.kernel.org/stable/c/0bf1a02494c7eb5bd43445de4c83c8592e02c4bf"
},
{
"url": "https://git.kernel.org/stable/c/0df713a9c082a474c8b0bcf670edc8e98461d5a0"
},
{
"url": "https://git.kernel.org/stable/c/10b591e7fb7cdc8c1e53e9c000dc0ef7069aaa76"
}
],
"title": "f2fs: fix to avoid updating compression context during writeback",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68772",
"datePublished": "2026-01-13T15:28:49.924Z",
"dateReserved": "2025-12-24T10:30:51.035Z",
"dateUpdated": "2026-05-11T21:53:03.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…