CVE-2025-68191
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's udp_tunnel component using netdev_WARN(), which triggers a kernel warning with a backtrace when udp_tunnel_nic_register() fails. However, such failure is a normal runtime error (like memory allocation failure) and not a kernel bug. The fix replaces netdev_WARN() with netdev_warn() to avoid unnecessary kernel warnings for expected errors.
How can this vulnerability impact me? :
The impact is that the Linux kernel might produce unnecessary kernel warnings and backtraces for normal runtime errors in udp_tunnel_nic_register(), which could cause confusion or noise in system logs but does not indicate a kernel bug or cause a system failure.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the udp_tunnel component uses netdev_warn() instead of netdev_WARN(), as this change addresses the issue by preventing unnecessary kernel warnings caused by normal runtime errors. This involves applying the patch or upgrading to the fixed kernel release.