CVE-2025-68303Out-of-bounds Write in Linux

53 documents8 sources
Severity
7.8HIGHOSV
OSV7.2OSV3.2
No vector
EPSS
0.0%
top 85.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedDec 16
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipcdev" (without the ampersand). This means that the: complete(&ipcdev->cmd_complete); in intel_punit_ioc() will write to a wrong memory address corrupting it.

Affected Packages7 packages

Linuxlinux/linux_kernel4.5.05.15.197+4
Debianlinux/linux_kernel< 6.1.159-1+2
Ubuntulinux/linux_kernel< 5.15.0-173.183+2
CVEListV5linux/linuxfdca4f16f57da76a8e68047923588a87d1c01f0a15d560cdf5b36c51fffec07ac2a983ab3bff4cb2+6

🔴Vulnerability Details

24
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25

📋Vendor Advisories

27
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01

🕵️Threat Intelligence

1
Wiz
CVE-2025-68303 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-68303 — Out-of-bounds Write in Linux | cvebase