CVE-2025-68330
In the Linux kernel, the following vulnerability has been resolved:

iio: accel: bmc150: Fix irq assumption regression

The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts:

    Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read
    PC is at bmc150_accel_set_interrupt+0x98/0x194
    LR is at __pm_runtime_resume+0x5c/0x64
    (...)
    Call trace:
    bmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108
    bmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc
    __iio_update_buffers from enable_store+0x84/0xc8
    enable_store from kernfs_fop_write_iter+0x154/0x1b4

This bug seems to have been in the driver since the beginning, but it only manifests recently, I do not know why.

Store the IRQ number in the state struct, as this is a common pattern in other drivers, then use this to determine if we have IRQ support or not.
Affected versions
Linux kernel versions 4.2 and later are affected. Fixed in 5.15.197, 6.1.159, 6.6.119, 6.12.61, 6.17.11, 6.18 and their respective stable series.
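The version ranges above can be turned into a quick triage check for a fleet inventory. This is an added example, not part of the advisory or the kernel project; the function names and result labels are hypothetical. It assumes upstream version numbering, so a distribution kernel that backports the fix under an older version number still needs to be checked against the vendor's changelog.

```python
import platform
import re

# First affected release and per-series fix versions, as listed on this page.
FIRST_AFFECTED = (4, 2)
FIXED_IN_SERIES = {
    (5, 15): 197,
    (6, 1): 159,
    (6, 6): 119,
    (6, 12): 61,
    (6, 17): 11,
}
FIXED_MAINLINE = (6, 18)  # 6.18 and every later series carry the fix


def parse_release(release):
    """Turn '6.1.158-amd64' or '5.15' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Classify an upstream kernel release string for CVE-2025-68330."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < FIRST_AFFECTED:
        return "not-affected"
    if series == FIXED_MAINLINE and "-rc" in release:
        # A release candidate may predate the fix; the page only names 6.18.
        return "check-manually"
    if series >= FIXED_MAINLINE:
        return "fixed"
    if series in FIXED_IN_SERIES:
        return "fixed" if patch >= FIXED_IN_SERIES[series] else "affected"
    # Series such as 5.10 or 6.5: the page lists no fixed release for them.
    return "affected-no-listed-fix"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {classify(running)}")
```

An "affected" result only matters on systems where the bmc150 accelerometer driver is actually in use.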
References
The following references provide additional information about CVE-2025-68330 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit https://git.kernel.org/stable/c/3aa385a9c75c09b59dcab2ff76423439d23673ab
- Patch: Kernel patch commit https://git.kernel.org/stable/c/65ad4ed983fd9ee0259d86391d6a53f78203918c
- Patch: Kernel patch commit https://git.kernel.org/stable/c/93eaa5ddc5fc4f50ac396afad8ce261102ebd4f3
Frequently asked questions
- What is CVE-2025-68330?
  CVE-2025-68330 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 4.2 onward and has been patched in 5.15.197, 6.1.159, 6.6.119 and others. CVE-2025-68330 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2025-68330?
  Yes, CVE-2025-68330 has been patched. Fixed versions include 5.15.197, 6.1.159, 6.6.119 and others. If you are running Linux kernel 4.2 or later and have not yet reached the fixed version for your branch, apply the relevant patch for your kernel branch.
- Is CVE-2025-68330 actively exploited?
  No, CVE-2025-68330 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.