CVE-2025-68309 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aer_info The kzalloc(GFP_KERNEL) may return NULL, so all accesses to aer_info->xxx will result in kernel panic. Fix it.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0a27bdb14b028fed30a10cec2f945c38cb5ca4fa
https://git.kernel.org/stable/c/6618243bcc3f60825f761a41ed65fef9fe97eb25

History

Tue, 16 Dec 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aer_info The kzalloc(GFP_KERNEL) may return NULL, so all accesses to aer_info->xxx will result in kernel panic. Fix it.
Title		PCI/AER: Fix NULL pointer access by aer_info
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0a27bdb14b028fed30a10cec2f945c38cb5ca4fa https://git.kernel.org/stable/c/6618243bcc3f60825f761a41ed65fef9fe97eb25

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T15:39:40.757Z

Updated: 2025-12-16T15:39:40.757Z

Reserved: 2025-12-16T14:48:05.294Z

Link: CVE-2025-68309

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-16T16:16:10.447

Modified: 2025-12-16T16:16:10.447

Link: CVE-2025-68309

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68309", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T14:48:05.294Z", "datePublished": "2025-12-16T15:39:40.757Z", "dateUpdated": "2025-12-16T15:39:40.757Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-16T15:39:40.757Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/AER: Fix NULL pointer access by aer_info\n\nThe kzalloc(GFP_KERNEL) may return NULL, so all accesses to aer_info->xxx\nwill result in kernel panic. Fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/pcie/aer.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "6618243bcc3f60825f761a41ed65fef9fe97eb25", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0a27bdb14b028fed30a10cec2f945c38cb5ca4fa", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/pcie/aer.c"], "versions": [{"version": "6.17.8", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6618243bcc3f60825f761a41ed65fef9fe97eb25"}, {"url": "https://git.kernel.org/stable/c/0a27bdb14b028fed30a10cec2f945c38cb5ca4fa"}], "title": "PCI/AER: Fix NULL pointer access by aer_info", "x_generator": {"engine": "bippy-1.2.0"}}}}