CVE-2025-68243 — Improper Certificate Validation in Linux

CWE-295 — Improper Certificate Validation16 documents7 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 94.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 16

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client() If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as presented to the server.

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.17.0 — 6.17.9

▶Debianlinux/linux_kernel< 6.17.9-1

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶CVEListV5linux/linux90c9550a8d65fb9b1bf87baf97a04ed91bf61b33 — b8fa37219074811c04d4ecb742c73e2b296da6a8+2

▶debiandebian/linux< linux 6.17.9-1 (forky)

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: NFS: Check the TLS certificate fields in nfs_match_client()↗2025-12-16

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68243 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶