PT-2026-2533 · Linux+2 · Linux Kernel+2
Published: 2025-12-02 · Updated: 2026-05-26
CVE-2025-68801
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.18.0-rc4-virtme-g36b21a067510
Description
The Linux kernel contains a use-after-free flaw in the mlxsw spectrum router component. It occurs when a neighbour is dereferenced, potentially leading to system instability. The driver stores a pointer to a neighbour without holding a reference to it; a reference is taken only when the neighbour is used by a nexthop. The fix simplifies the reference counting scheme: a reference is always taken when a neighbour pointer is stored in a neighbour entry, and no reference is taken when the neighbour is used by a nexthop, as the nexthop entry already holds a reference.
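The reference-counting rule the fix adopts, as a user-space C model added here for illustration (it is not the kernel's or the mlxsw driver's code). Every struct and function name is hypothetical, and a plain integer stands in for the kernel's reference counter.

```c
/* User-space model of the fixed scheme; every name here is hypothetical. */
#include <stdlib.h>

struct neigh { int refcnt; int *freed; };            /* models a neighbour */
struct neigh_entry { struct neigh *n; int nh_users; };

static struct neigh *neigh_new(int *freed)
{
    struct neigh *n = malloc(sizeof(*n));
    if (n) { n->refcnt = 1; n->freed = freed; }      /* creator's reference */
    return n;
}
static void neigh_hold(struct neigh *n) { n->refcnt++; }
static void neigh_put(struct neigh *n)
{
    if (--n->refcnt == 0) { *n->freed = 1; free(n); }
}

/* Storing the pointer always takes a reference. */
static struct neigh_entry *entry_create(struct neigh *n)
{
    struct neigh_entry *e = calloc(1, sizeof(*e));
    if (e) { neigh_hold(n); e->n = n; }
    return e;
}
/* Nexthop use takes no extra reference in this model: the stored
 * pointer is already backed by the reference taken in entry_create(). */
static void entry_nexthop_link(struct neigh_entry *e) { e->nh_users++; }
static void entry_nexthop_unlink(struct neigh_entry *e) { e->nh_users--; }
static void entry_destroy(struct neigh_entry *e) { neigh_put(e->n); free(e); }

/* Returns 1 when the neighbour stays valid for the entry's whole lifetime,
 * including after its creator drops the last other reference. */
static int entry_keeps_neigh_alive(void)
{
    int freed = 0, ok;
    struct neigh *n = neigh_new(&freed);
    struct neigh_entry *e = n ? entry_create(n) : NULL;
    if (!e) { if (n) neigh_put(n); return -1; }
    entry_nexthop_link(e);
    ok = (n->refcnt == 2);            /* creator + entry, none for nexthop */
    entry_nexthop_unlink(e);
    neigh_put(n);                     /* creator releases the neighbour */
    ok = ok && !freed && e->n->refcnt == 1;   /* still safe to dereference */
    entry_destroy(e);                 /* last reference dropped here */
    return ok && freed;
}

int main(void) { return entry_keeps_neigh_alive() == 1 ? 0 : 1; }
```

In the pre-fix scheme the description outlines, the equivalent of `entry_create()` would store the pointer without calling `neigh_hold()`, so the creator's release would free the neighbour while the entry still pointed at it.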
Recommendations
Update to a version later than 6.18.0-rc4-virtme-g36b21a067510.
Exploit
Fix
Use After Free
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu