CVE-2025-68359Release of Invalid Pointer or Reference in Linux

CWE-763Release of Invalid Pointer or Reference19 documents7 sources
Severity
7.2HIGHOSV
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24
Latest updateApr 6

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree() scenario when calling add_delayed_ref_head(). This could happen if the record was reported to already exist in the btrfs_qgroup_trace_extent_nolock() call, but then there was an error later on add_delayed_ref_head(). In this case, since add_delayed_ref_head() returned an error, the c

Affected Packages5 packages

Linuxlinux/linux_kernel6.12.06.17.13+1
Debianlinux/linux_kernel< 6.17.13-1
Ubuntulinux/linux_kernel< 6.17.0-19.19
CVEListV5linux/linux6ef8fbce010421bf742b12b8f8f2b2d2ff1548457617680769e3119dfb3b43a2b7c287ce2242211c+3
debiandebian/linux< linux 6.17.13-1 (forky)

🔴Vulnerability Details

9
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25
OSV
linux-realtime-6.17 vulnerabilities2026-03-23
OSV
linux-gcp-6.17, linux-realtime vulnerabilities2026-03-17

📋Vendor Advisories

8
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-03-23
Ubuntu
Linux kernel vulnerabilities2026-03-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-68359 Impact, Exploitability, and Mitigation Steps | Wiz