CVE-2025-68338 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It leads to freeing uninitialized IRQ numbers and/or domains. Use dsa_switch_for_each_user_port_continue_reverse() in the error path to iterate only over the fully initialized ports.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/25b62cc5b22c45face094ae3e8717258e46d1d19
https://git.kernel.org/stable/c/32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0
https://git.kernel.org/stable/c/9428654c827fa8d38b898135d26d39ee2d544246

History

Tue, 23 Dec 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It leads to freeing uninitialized IRQ numbers and/or domains. Use dsa_switch_for_each_user_port_continue_reverse() in the error path to iterate only over the fully initialized ports.
Title		net: dsa: microchip: Don't free uninitialized ksz_irq
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/25b62cc5b22c45face094ae3e8717258e46d1d19 https://git.kernel.org/stable/c/32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0 https://git.kernel.org/stable/c/9428654c827fa8d38b898135d26d39ee2d544246

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-23T13:58:24.121Z

Updated: 2025-12-23T13:58:24.121Z

Reserved: 2025-12-16T14:48:05.297Z

Link: CVE-2025-68338

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-23T14:16:40.373

Modified: 2025-12-23T14:51:52.650

Link: CVE-2025-68338

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68338", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T14:48:05.297Z", "datePublished": "2025-12-23T13:58:24.121Z", "dateUpdated": "2025-12-23T13:58:24.121Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-23T13:58:24.121Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: microchip: Don't free uninitialized ksz_irq\n\nIf something goes wrong at setup, ksz_irq_free() can be called on\nuninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It\nleads to freeing uninitialized IRQ numbers and/or domains.\n\nUse dsa_switch_for_each_user_port_continue_reverse() in the error path\nto iterate only over the fully initialized ports."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/dsa/microchip/ksz_common.c"], "versions": [{"version": "cc13ab18b201ab630f03511060ba289b70052959", "lessThan": "9428654c827fa8d38b898135d26d39ee2d544246", "status": "affected", "versionType": "git"}, {"version": "cc13ab18b201ab630f03511060ba289b70052959", "lessThan": "32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0", "status": "affected", "versionType": "git"}, {"version": "cc13ab18b201ab630f03511060ba289b70052959", "lessThan": "25b62cc5b22c45face094ae3e8717258e46d1d19", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/dsa/microchip/ksz_common.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.61", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.11", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.12.61"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.17.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9428654c827fa8d38b898135d26d39ee2d544246"}, {"url": "https://git.kernel.org/stable/c/32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0"}, {"url": "https://git.kernel.org/stable/c/25b62cc5b22c45face094ae3e8717258e46d1d19"}], "title": "net: dsa: microchip: Don't free uninitialized ksz_irq", "x_generator": {"engine": "bippy-1.2.0"}}}}