UBUNTU-CVE-2025-68305

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmtpending before write iter sends the cmd, just as...

EUVD-2025-203669

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets during protocol stack processing with sockmap's custom read/write...

EUVD-2025-203650

In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket...

CVE-2025-68246

In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket...

CVE-2025-68246

In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket...

UBUNTU-CVE-2025-68246

In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket...

CVE-2025-68305

CVE-2025-68305 is in the Linux kernel Bluetooth subsystem. It describes a race between sock bind and the Mgmt socket write path (mgmt_pending) that could lead to a use-after-free when a command is freed before a write iter completes. The root cause is a race between sock bind and socket write ite...

CVE-2025-68305 Bluetooth: hci_sock: Prevent race in socket write iter and sock bind

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmtpending before write iter sends the cmd, just as...

CVE-2025-68305 Bluetooth: hci_sock: Prevent race in socket write iter and sock bind

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmtpending before write iter sends the cmd, just as...

CVE-2025-68246

Technical details for CVE-2025-68246 are not publicly provided in the connected documents. Monitor for updates.

CVE-2025-68246 ksmbd: close accepted socket when per-IP limit rejects connection

In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket...

CVE-2025-68246 ksmbd: close accepted socket when per-IP limit rejects connection

In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket...

CVE-2025-68227

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets during protocol stack processing with sockmap's custom read/write...

UBUNTU-CVE-2025-40350

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...

UBUNTU-CVE-2025-68227

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets during protocol stack processing with sockmap's custom read/write...

CVE-2025-68227

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets during protocol stack processing with sockmap's custom read/write...

CVE-2025-68234 io_uring/cmd_net: fix wrong argument types for skb_queue_splice()

In the Linux kernel, the following vulnerability has been resolved: iouring/cmdnet: fix wrong argument types for skbqueuesplice If timestamp retriving needs to be retried and the local list of SKB's already has entries, then it's spliced back into the socket queue. However, the arguments for the...

CVE-2025-68227 mptcp: Fix proto fallback detection with BPF

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets during protocol stack processing with sockmap's custom read/write...

CVE-2025-68169 netpoll: Fix deadlock in memory allocation under spinlock

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix deadlock in memory allocation under spinlock Fix a AA deadlock in refillskbs where memory allocation while holding skbpool-lock can trigger a recursive lock acquisition attempt. The deadlock scenario occurs when the...

CVE-2025-40350 net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...