CVE-2025-68366

🗓️ 25 Dec 2025 15:44:46Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 1 Views

Linux kernel vulnerability in nbd_genl_connect caused use-after-free on NBD_CMD_CONNECT and NBD_CLEAR_SOCK.

Reporter	Title	Published	Views	Family All 257
ATTACKERKB	CVE-2025-68366	24 Dec 202510:32	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1430)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1494)	30 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-113 (ALASKERNEL-5.10-2026-113)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-098 (ALASKERNEL-5.15-2026-098)	6 Mar 202600:00	–	nessus
Tenable Nessus	Debian dla-4475 : ata-modules-5.10.0-35-armmp-di - security update	11 Feb 202600:00	–	nessus
Tenable Nessus	Debian dla-4476 : linux-config-6.1 - security update	11 Feb 202600:00	–	nessus
Tenable Nessus	Debian dsa-6127 : affs-modules-6.1.0-37-4kc-malta-di - security update	9 Feb 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1244)	10 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1280)	10 Mar 202600:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-68366
lore	www.lore.kernel.org/linux-cve-announce/2025122459-CVE-2025-68366-b367@gregkh/T
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

25 Dec 2025 16:11Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.5

EPSS0.00066

Linux kernel Network Block Device use after free genl connect config reference refcount issue