CVE-2025-68236Missing Synchronization in Linux

CWE-820Missing Synchronization20 documents8 sources
Severity
7.2HIGHOSV
No vector
EPSS
0.0%
top 89.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedDec 16
Latest updateApr 6

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with Power_Condition=3 and await a response. - Asserting RST_N low. - Turning off REF_CLK. - Turning off VCC. - Turning off VCCQ/VCCQ2. As part of ufs shutdown, after the SSU command completion, asserting hardware reset (HWRST) triggers the device

Affected Packages7 packages

Linuxlinux/linux_kernel5.12.06.17.10
Debianlinux/linux_kernel< 6.17.10-1
Ubuntulinux/linux_kernel< 6.17.0-19.19

🔴Vulnerability Details

9
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25
OSV
linux-realtime-6.17 vulnerabilities2026-03-23
OSV
linux-gcp-6.17, linux-realtime vulnerabilities2026-03-17

📋Vendor Advisories

9
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-03-23
Ubuntu
Linux kernel vulnerabilities2026-03-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-68236 Impact, Exploitability, and Mitigation Steps | Wiz