CVE-2025-68338 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It leads to freeing uninitialized IRQ numbers and/or domains. Use dsa_switch_for_each_user_port_continue_reverse() in the error path to iterate only over the fully initialized ports.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-23 | Updated 2025-12-23 | Assigner Linux

Product status

Default status

unaffected

cc13ab18b201ab630f03511060ba289b70052959 (git) before 9428654c827fa8d38b898135d26d39ee2d544246

affected

cc13ab18b201ab630f03511060ba289b70052959 (git) before 32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0

affected

cc13ab18b201ab630f03511060ba289b70052959 (git) before 25b62cc5b22c45face094ae3e8717258e46d1d19

affected

Default status

affected

6.3

affected

Any version before 6.3

unaffected

6.12.61 (semver)

unaffected

6.17.11 (semver)

unaffected

6.18 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/9428654c827fa8d38b898135d26d39ee2d544246

git.kernel.org/...c/32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0

git.kernel.org/...c/25b62cc5b22c45face094ae3e8717258e46d1d19

cve.org (CVE-2025-68338)

nvd.nist.gov (CVE-2025-68338)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu