CVE-2025-68376

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the coresight ETR (Embedded Trace Register) component. Specifically, when ETR is enabled in CS MODE SYSFS and the buffer size is modified and re-enabled, the etr buf pointer may continue to point to previously freed memory (buf old) instead of the newly allocated memory (buf new). This can lead to a memory use-after-free condition. The issue occurs when updating and releasing buf old while the ETR is in CS MODE SYSFS.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-04222

CVE-2025-68376

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

OPENSUSE-SU-2026:10039-1

OPENSUSE-SU-2026:10301-1

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8152-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-68376

Weakness Enumeration

Related Identifiers

Affected Products

References · 967