PT-2025-51670 · Linux+3 · Linux Kernel+3

Published: 2025-12-16 · Updated: 2026-05-11 · CVE-2025-68257

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in how compat IOCTL handlers check a device's attached status. Specifically, the sanity checks for a device's attached status are missing in the modified, compat versions of the standard IOCTL handlers. As a result, IOCTLs can be called on improperly configured devices, potentially crashing the kernel when functions such as get_valid_routes() are invoked without a valid callback being set. The issue appears to affect i386 kernels. The vulnerability was identified through Syzbot reports, which indicated a kernel NULL pointer dereference. The affected functions include get_valid_routes(), parse_insn(), do_insnlist_ioctl(), comedi_compat_ioctl(), and do_compat_sys_ioctl().

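The missing check described above, shown as a simplified user-space model; this is an added example, not kernel code and not taken from this advisory. `struct model_dev`, the handler names, the `MODEL_NULL_CALL` marker and the `-ENODEV` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model-only marker: at this point real code would dereference a NULL callback. */
#define MODEL_NULL_CALL (-1000)

/* Hypothetical stand-in for a device whose callbacks are set only on attach. */
struct model_dev {
    bool attached;
    int (*get_valid_routes)(struct model_dev *dev, unsigned int n);
};

/* Callback a driver would install during attach (constructed for the model). */
static int routes_cb(struct model_dev *dev, unsigned int n) { (void)dev; return (int)n; }

/* Shared dispatch step: reports the NULL call instead of crashing the model. */
static int dispatch(struct model_dev *dev, unsigned int n) {
    if (!dev->get_valid_routes)
        return MODEL_NULL_CALL;
    return dev->get_valid_routes(dev, n);
}

/* Compat path as described: no attached-status check before dispatch. */
int compat_ioctl_unchecked(struct model_dev *dev, unsigned int n) {
    return dispatch(dev, n);
}

/* Hardened compat path: reject unattached devices before any callback use. */
int compat_ioctl_checked(struct model_dev *dev, unsigned int n) {
    if (!dev->attached)
        return -ENODEV; /* assumed error code */
    return dispatch(dev, n);
}

/* Build a device in the given state and run one of the two handlers. */
int run_case(bool attached, bool checked) {
    struct model_dev dev = { attached, attached ? routes_cb : NULL };
    return checked ? compat_ioctl_checked(&dev, 4) : compat_ioctl_unchecked(&dev, 4);
}

int main(void) {
    printf("unattached, unchecked: %d\n", run_case(false, false));
    printf("unattached, checked:   %d\n", run_case(false, true));
    printf("attached,   checked:   %d\n", run_case(true, true));
    return 0;
}
```
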
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-68257
ECHO-0FFC-4EF0-43F8
OPENSUSE-SU-2025:15836-1
OPENSUSE-SU-2026:10301-1
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu