CVE-2025-68804Linux vulnerability

30 documents7 sources
Severity
7.8HIGHOSV
No vector
EPSS
0.1%
top 83.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
LinuxLinux KernelDebian Linux+11 more
Timeline
PublishedJan 13
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn't unregister the EC device in .remove() which should shutdown sub-devices synchronously. Fix it.

Affected Packages16 packages

Linuxlinux/linux_kernel5.3.05.10.248+5
Debianlinux/linux_kernel< 5.10.249-1+3
Ubuntulinux/linux_kernel< 5.15.0-173.183
CVEListV5linux/linux26a14267aff218c60b89007fdb44ca392ba6122c27037916db38e6b78a0242031d3b93d997b84020+7
debiandebian/linux< linux 6.1.162-1 (bookworm)

🔴Vulnerability Details

10
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-intel-iot-realtime vulnerabilities2026-03-23
OSV
linux-nvidia-tegra-igx vulnerabilities2026-03-23
OSV
linux-realtime vulnerabilities2026-03-17
OSV
linux-aws-5.15, linux-gcp-5.15, linux-gke, linux-hwe-5.15, linux-intel-iotg-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities2026-03-17

📋Vendor Advisories

18
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-68804 Impact, Exploitability, and Mitigation Steps | Wiz