VDB
CVE-2025-68731
CVE-2025-68731
PUBLISHED
CVSS 9.300000190734863 CRITICAL
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array() The unpublished smatch static checker reported a warning. drivers/accel/amdxdna/aie2_pci.c:904 aie2_query_ctx_status_array() warn: potential user controlled sizeof overflow 'args->num_element * args->element_size' '1-u32max(user) * 1-u32max(user)' Even this will not cause a real issue, it is better to put a reasonable limitation for element_size and num_element. Add condition to make sure the input element_size <= 4K and num_element <= 1K.
EPSS 0.03% · 9.1th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.03%
9.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.19, 2f509fe6a42cda845890273fe759fb7ba9edad97, 6.18 |
| linux | linux_kernel | 6.18, 6.18, 6.18 |
Timeline
- Dec 24, 2025 EPSS Score
- Dec 24, 2025 CVE ID Reserved
- Dec 24, 2025 CVE Published
- Dec 28, 2025 EPSS Score
- Dec 31, 2025 EPSS Score
- Jan 4, 2026 EPSS Score
- Jan 8, 2026 EPSS Score
- Jan 11, 2026 EPSS Score
- Jan 15, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 23, 2026 EPSS Score
- Jan 26, 2026 EPSS Score