CVE-2025-68779Release of Invalid Pointer or Reference in Linux

CWE-763Release of Invalid Pointer or Reference7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 13

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> mlx5e_psp_unregister This leads to a refcount underflow in some conditions: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 2 PID: 1694 at lib/refcount.c:28 refcount_warn_saturate+0xd8/0xe0 [...] mlx5e_psp_unregister+0x26/0x50 [mlx5_core] mlx5e_nic_cleanup+

Affected Packages3 packages

Linuxlinux/linux_kernel6.18.06.18.3
CVEListV5linux/linux89ee2d92f66c45625ff1c173df2dbdea32568c5de12c912f92ccea671b514caf371f28485714bb4b+2
debiandebian/linux

🔴Vulnerability Details

3
GHSA
GHSA-7crx-7pfp-hg6j: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_re2026-01-13
OSV
CVE-2025-68779: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remo2026-01-13
OSV
net/mlx5e: Avoid unregistering PSP twice2026-01-13

📋Vendor Advisories

2
Red Hat
kernel: net/mlx5e: Avoid unregistering PSP twice2026-01-13
Debian
CVE-2025-68779: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-68779 Impact, Exploitability, and Mitigation Steps | Wiz