CVE-2025-68228
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's drm/plane component, specifically in the create_in_format_blob() function. The function is supposed to return either a valid pointer or an error, but never NULL. However, it could return NULL, which causes the caller to dereference a NULL pointer, leading to a kernel oops (crash). The fix ensures that proper error values are returned instead of NULL in failure cases.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause the Linux kernel to crash (kernel oops) due to dereferencing a NULL pointer. This can lead to system instability or denial of service.
What immediate steps should I take to mitigate this vulnerability?
Apply the latest Linux kernel update that includes the fix for the drm/plane create_in_format_blob() function to ensure it returns proper error values instead of NULL, preventing kernel oops. Until the patch is applied, avoid using vulnerable kernel versions.