What is CVE-2025-68354?

CVE-2025-68354 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.13 onward and patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-68354 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-68354?

CVE-2025-68354 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-68354?

Yes, CVE-2025-68354 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 3.13 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-68354 actively exploited?

CVE-2025-68354 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-68354

In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and regulator_unregister_supply_alias(). Concurrent registration, unregistration and lookups can race, leading to: 1 use-after-free if an alias entry is removed while being read, 2 duplicate entries when two threads register the same alias, 3 inconsistent alias mappings observed by consumers. Protect all traversals, insertions and deletions on regulator_supply_alias_list with the existing regulator_list_mutex.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 3.13 and later are affected. Fixed in 5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.63, 6.17.13, 6.18.2, 6.19 and their respective stable series.

Affected from

≥ 3.13

Fixed in

✓ 5.10.248 5.10.x ✓ 5.15.198 5.15.x ✓ 6.1.160 6.1.x ✓ 6.6.120 6.6.x ✓ 6.12.63 6.12.x ✓ 6.17.13 6.17.x ✓ 6.18.2 6.18.x ✓ 6.19

References

The following references provide additional information about CVE-2025-68354 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/09811a83b214cc15521e0d818e43ae9043e9a28d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/0cc15a10c3b4ab14cd71b779fd5c9ca0cb2bc30d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/431a1d44ad4866362cc28fc1cc4ca93d84989239
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-68354?

CVE-2025-68354 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.13 onward and has been patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-68354 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-68354?

Yes — CVE-2025-68354 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 3.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-68354 actively exploited?

No — CVE-2025-68354 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.