CVE-2025-68366

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the nbd genl connect function. This occurs when handling NBD CMD CONNECT and NBD CLEAR SOCK operations, specifically related to the config refs counter. The issue arises from a potential race condition where the configuration reference count is decremented to zero before it is used, leading to a use-after-free condition. A delay introduced before incrementing the reference count in nbd genl connect() can reproduce the problem. The vulnerable function is nbd genl connect().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-416

Related Identifiers

AZL-73081

BDU:2026-01158

CVE-2025-68366

ECHO-A7DE-FB68-1552

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

OPENSUSE-SU-2026:10039-1

OPENSUSE-SU-2026:10301-1

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0473-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8096-1

USN-8096-2

USN-8096-3

USN-8096-4

USN-8096-5

USN-8116-1

USN-8141-1

USN-8152-1

USN-8163-1

USN-8163-2

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8243-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-68366

Weakness Enumeration

Related Identifiers

Affected Products

References · 2858