CVE-2025-68746 — Expired Pointer Dereference in Linux

CWE-825 — Expired Pointer Dereference41 documents8 sources

Severity

7.8HIGHOSV

OSV7.2OSV4.7

No vector

EPSS

0.1%

top 83.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +9 more

Timeline

PublishedDec 24

Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached. While handling the timeouts, any pending transfers are cleaned up and the message that they correspond to is marked as failed, which leaves the curr_xfer field pointing at stale memory. To avoid this…

Affected Packages14 packages

▶Linuxlinux/linux_kernel5.12.0 — 5.15.198+5

▶Debianlinux/linux_kernel< 6.1.162-1+2

▶Ubuntulinux/linux_kernel< 5.15.0-173.183+1

▶msrcmsrc/azl3_kernel_6.6.117.1-1_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.119.3-1_on_azure_linux_3.0

🔴Vulnerability Details

OSV

linux-oem-6.17 vulnerabilities↗2026-04-06

▶

OSV

linux-raspi vulnerabilities↗2026-04-01

▶

OSV

linux-raspi vulnerabilities↗2026-04-01

▶

OSV

linux-azure, linux-azure-6.17 vulnerabilities↗2026-03-25

▶

OSV

linux-intel-iot-realtime vulnerabilities↗2026-03-23

▶

📋Vendor Advisories

Ubuntu

Linux kernel (FIPS) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel vulnerabilities↗2026-04-16

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-04-13

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68746 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶