CVE-2025-68228

Linux Kernel 6.16-6.17.10 - Denial of Service via create_in_format_blob() NULL Return

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fix create_in_format_blob() return value create_in_format_blob() is either supposed to return a valid pointer or an error, but never NULL. The caller will dereference the blob when it is not an error, and thus will oops if NULL returned. Return proper error values in the failure cases.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/860f93f4fce1e733b8a2474f6bfa153243d775f3

Patch

https://git.kernel.org/stable/c/cead55e24cf9e092890cf51c0548eccd7569defa

Scores

EPSS 0.0003

EPSS Percentile 7.8%

Details

Status published

Products (7)

linux/Kernel 6.16.0 - 6.17.10linux

Linux/Linux < 6.16

Linux/Linux 0d6dcd741c266389bbf0a8758f537b3a171ac32a - 860f93f4fce1e733b8a2474f6bfa153243d775f3

Linux/Linux 0d6dcd741c266389bbf0a8758f537b3a171ac32a - cead55e24cf9e092890cf51c0548eccd7569defa

Linux/Linux 6.16

Linux/Linux 6.17.10 - 6.17.*

Linux/Linux 6.18

Published Dec 16, 2025

Tracked Since Feb 18, 2026