CVE-2025-68338

Published: Dec 23, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It leads to freeing uninitialized IRQ numbers and/or domains. Use dsa_switch_for_each_user_port_continue_reverse() in the error path to iterate only over the fully initialized ports.

Vendor	Product	Versions
Linux	Linux	affected `cc13ab18b201ab630f03511060ba289b70052959 - < 9428654c827fa8d38b898135d26d39ee2d544246` affected `cc13ab18b201ab630f03511060ba289b70052959 - < 32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0` affected `cc13ab18b201ab630f03511060ba289b70052959 - < 25b62cc5b22c45face094ae3e8717258e46d1d19`
Linux	Linux	affected `6.3` unaffected `0 - < 6.3` unaffected `6.12.61 - <= 6.12.` unaffected `6.17.11 - <= 6.17.` unaffected `6.18 - <= *`

References

https://git.kernel.org/stable/c/9428654c827fa8d38b898135d26d39ee2d544246

https://git.kernel.org/stable/c/32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0

https://git.kernel.org/stable/c/25b62cc5b22c45face094ae3e8717258e46d1d19

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-68338

Description

Affected Products

References