DEBIAN-CVE-2025-68338

DEBIAN-CVE-2025-68338 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It leads to freeing uninitialized IRQ numbers and/or domains. Use dsa_switch_for_each_user_port_continue_reverse() in the error path to iterate only over the fully initialized ports.

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 6.12.38-1, 6.12.41-1
Debian:14	linux	6.13.6-1~exp1, 6.13.7-1~exp1, 6.13.8-1~exp1

Timeline

Dec 23, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-68338 advisory

Open in Interactive Console →