CVE-2025-68199 — Insufficient Control Flow Management in Linux

CWE-691 — Insufficient Control Flow Management16 documents7 sources

Severity

5.8MEDIUM

No vector

EPSS

0.0%

top 90.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 16

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext When alloc_slab_obj_exts() fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts_alloc() to mark all objects in the vector as empty. As a result all objects in this slab (slabA) will have their extensions set to CODETAG_EMPTY. Later on if this slabA is used to allocate a slabobj_ext vector for anot…

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.10.0 — 6.12.59+1

▶Debianlinux/linux_kernel< 6.12.63-1+1

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶CVEListV5linux/linux09c46563ff6d5f090211e48ff1fdba0ec7f4c97f — fc6acd4cddf76e7eb7db63649fe36980ce208f56+3

▶debiandebian/linux< linux 6.17.9-1 (forky)

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext↗2025-12-16

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68199 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶