CVE-2025-68231Buffer Access with Incorrect Length Value in Linux

CWE-805Buffer Access with Incorrect Length Value37 documents8 sources
Severity
7.2HIGHOSV
OSV3.2
No vector
EPSS
0.1%
top 84.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedDec 16
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: mm/mempool: fix poisoning order>0 pages with HIGHMEM The kernel test has reported: BUG: unable to handle page fault for address: fffba000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page *pde = 03171067 *pte = 00000000 Oops: Oops: 0002 [#1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca Tainted: [T]=RANDSTR

Affected Packages7 packages

Linuxlinux/linux_kernel4.1.06.1.159+3
Debianlinux/linux_kernel< 6.1.159-1+2
Ubuntulinux/linux_kernel< 6.8.0-106.106+1
debiandebian/linux< linux 6.1.159-1 (bookworm)

🔴Vulnerability Details

17
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25
OSV
linux-azure-6.8 vulnerabilities2026-03-25

📋Vendor Advisories

18
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25

🕵️Threat Intelligence

1
Wiz
CVE-2025-68231 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-68231 — Linux vulnerability | cvebase