CVE-2025-68353: NULL Pointer Dereference in Linux

Severity
6.4 MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 24
Latest update: Apr 17

Description

In the Linux kernel, the following vulnerability has been resolved:

net: vxlan: prevent NULL deref in vxlan_xmit_one

Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlan_xmit_one, e.g. if the iface is brought down. This can lead to the following NULL dereference:

    BUG: kernel NULL pointer dereference, address: 0000000000000010
    Oops: Oops: 0000 [#1] SMP NOPTI
    RIP: 0010:vxlan_xmit_one+0xbb3/0x1580
    Call Trace:
     vxlan_xmit+0x429/0x610
     dev_hard_start_xmit+0x55/0xa0
     __dev_queue_xmi

Affected Packages (7 packages)

Linux | linux/linux_kernel | 6.7.0 | 6.18.2
Debian | linux/linux_kernel | < 6.18.3-1
CVEListV5 | linux/linux | 6f19b2c136d98a84d79030b53e23d405edfdc783 | 4ac26aafdc8c7271414e2e7c0b2cb266a26591bc | +2
debian | debian/linux | < linux 6.18.3-1 (forky)

🔴 Vulnerability Details (3)

OSV: net: vxlan: prevent NULL deref in vxlan_xmit_one (2025-12-24)
OSV: CVE-2025-68353: In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlan_xmit_one Neither sock4 nor sock6 pointers (2025-12-24)
GHSA: GHSA-cff3-j257-7hf4: In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlan_xmit_one Neither sock4 nor sock6 pointer (2025-12-24)

📋 Vendor Advisories (5)

Ubuntu: Linux kernel (GCP) vulnerabilities (2026-04-17)
Ubuntu: Linux kernel (Real-time) vulnerabilities (2026-04-17)
Ubuntu: Linux kernel vulnerabilities (2026-04-16)
Red Hat: kernel: Kernel: Denial of Service via NULL pointer dereference in VXLAN module (2025-12-24)
Debian: CVE-2025-68353: linux - In the Linux kernel, the following vulnerability has been resolved: net: vxlan:... (2025)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-68353 Impact, Exploitability, and Mitigation Steps | Wiz