What is CVE-2025-68192?

CVE-2025-68192 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.12 onward and patched in 5.4.302, 5.10.247, 5.15.197 and others. CVE-2025-68192 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-68192?

CVE-2025-68192 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-68192?

Yes, CVE-2025-68192 has been patched. Fixed versions include 5.4.302, 5.10.247, 5.15.197 and others. If you are running Linux kernel 4.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-68192 actively exploited?

CVE-2025-68192 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-68192

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems access the offset due to strict alignment checks. Initialize the MAC header to prevent such crashes. This can trigger kernel panics on ARM when running IPsec over the qmimux0 interface. Example trace: Internal error: Oops: 000000009600004f [#1] SMP CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1 Hardware name: LS1028A RDB Board (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : xfrm_input+0xde8/0x1318 lr : xfrm_input+0x61c/0x1318 sp : ffff800080003b20 Call trace: xfrm_input+0xde8/0x1318 xfrm6_rcv+0x38/0x44 xfrm6_esp_rcv+0x48/0xa8 ip6_protocol_deliver_rcu+0x94/0x4b0 ip6_input_finish+0x44/0x70 ip6_input+0x44/0xc0 ipv6_rcv+0x6c/0x114 __netif_receive_skb_one_core+0x5c/0x8c __netif_receive_skb+0x18/0x60 process_backlog+0x78/0x17c __napi_poll+0x38/0x180 net_rx_action+0x168/0x2f0

Package Linux Kernel

Published 2025-12-16

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.12 and later are affected. Fixed in 5.4.302, 5.10.247, 5.15.197, 6.1.159, 6.6.117, 6.12.58, 6.17.8, 6.18 and their respective stable series.

Affected from

≥ 4.12

Fixed in

✓ 5.4.302 5.4.x ✓ 5.10.247 5.10.x ✓ 5.15.197 5.15.x ✓ 6.1.159 6.1.x ✓ 6.6.117 6.6.x ✓ 6.12.58 6.12.x ✓ 6.17.8 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-68192 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0aabccdcec1f4a36f95829ea2263f845bbc77223
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4e6b9004f01d0fef5b19778399bc5bf55f8c2d71
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8ab3b8f958d861a7f725a5be60769106509fbd69
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-68192?

CVE-2025-68192 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.12 onward and has been patched in 5.4.302, 5.10.247, 5.15.197 and others. CVE-2025-68192 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-68192?

Yes — CVE-2025-68192 has been patched. Fixed versions include 5.4.302, 5.10.247, 5.15.197 and others. If you are running Linux kernel 4.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-68192 actively exploited?

No — CVE-2025-68192 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.