CVE-2025-68775
In the Linux kernel, the following vulnerability has been resolved:

net/handshake: duplicate handshake cancellations leak socket

When a handshake request is cancelled it is removed from the handshake_net->hn_requests list, but it is still present in the handshake_rhashtbl until it is destroyed.

If a second cancellation request arrives for the same handshake request, then remove_pending() will return false... and assuming HANDSHAKE_F_REQ_COMPLETED isn't set in req->hr_flags, we'll continue processing through the out_true label, where we put another reference on the sock and a refcount underflow occurs.

This can happen for example if a handshake times out - particularly if the SUNRPC client sends the AUTH_TLS probe to the server but doesn't follow it up with the ClientHello due to a problem with tlshd. When the timeout is hit on the server, the server will send a FIN, which triggers a cancellation request via xs_reset_transport(). When the timeout is hit on the client, another cancellation request happens via xs_tls_handshake_sync().

Add a test_and_set_bit(HANDSHAKE_F_REQ_COMPLETED) in the pending cancel path so duplicate cancels can be detected.
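The cancel flow described above, as a simplified userspace C model added here for illustration (it is not the kernel source or the patch). `model_req`, the `model_*` helpers, the bit number and the starting reference count of 1 are assumptions; the `hardened` switch toggles the `test_and_set_bit(HANDSHAKE_F_REQ_COMPLETED)` call that the fix adds to the pending cancel path.

```c
/* Userspace model of the duplicate-cancel flow; constructed, not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#define HANDSHAKE_F_REQ_COMPLETED 0  /* flag name from the advisory; bit number assumed */

struct model_req {          /* hypothetical stand-in for the handshake request */
    unsigned long hr_flags;
    bool pending;           /* still on the hn_requests list */
    int sock_refs;          /* only the reference held for this request */
};

/* Non-atomic stand-in for test_and_set_bit(): sets the bit, returns its old value. */
static bool model_test_and_set_bit(int nr, unsigned long *addr) {
    bool old = (*addr >> nr) & 1UL;
    *addr |= 1UL << nr;
    return old;
}

/* Models remove_pending(): true only for the caller that unlinks the request. */
static bool model_remove_pending(struct model_req *req) {
    bool was_pending = req->pending;
    req->pending = false;
    return was_pending;
}

/* One cancellation; hardened=false is the flow described before the fix. */
static bool model_cancel(struct model_req *req, bool hardened) {
    if (model_remove_pending(req)) {
        if (hardened)       /* the fix: mark completed in the pending cancel path */
            model_test_and_set_bit(HANDSHAKE_F_REQ_COMPLETED, &req->hr_flags);
        goto out_true;
    }
    if (model_test_and_set_bit(HANDSHAKE_F_REQ_COMPLETED, &req->hr_flags))
        return false;       /* duplicate cancel detected, no put */
out_true:
    req->sock_refs--;       /* the put on the sock */
    return true;
}

/* Two cancels for one request; returns the modelled reference count afterwards. */
static int model_double_cancel(bool hardened) {
    struct model_req req = { .pending = true, .sock_refs = 1 };
    model_cancel(&req, hardened);
    model_cancel(&req, hardened);
    return req.sock_refs;
}
int main(void) {
    printf("refs before fix: %d, after fix: %d\n", model_double_cancel(false), model_double_cancel(true));
}
```

A negative result stands for the refcount underflow: without the flag set on the first cancel, the second cancel falls through to `out_true` and performs a second put.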
Affected versions
Linux kernel versions 6.4 and later are affected. Fixed in 6.6.120, 6.12.64, 6.18.3, 6.19 and their respective stable series.
References
The following references provide additional information about CVE-2025-68775 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit (https://git.kernel.org/stable/c/011ae80c49d9bfa5b4336f8bd387cd25c7593663)
- Patch: Kernel patch commit (https://git.kernel.org/stable/c/15564bd67e2975002f2a8e9defee33e321d3183f)
- Patch: Kernel patch commit (https://git.kernel.org/stable/c/3c330f1dee3cd92b57e19b9d21dc8ce5970b09be)
Frequently asked questions
- What is CVE-2025-68775?
CVE-2025-68775 is an unscored-severity Linux kernel vulnerability. It affects Linux kernel versions from 6.4 onward and has been patched in 6.6.120, 6.12.64, 6.18.3 and others. CVE-2025-68775 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2025-68775?
Yes — CVE-2025-68775 has been patched. Fixed versions include 6.6.120, 6.12.64, 6.18.3 and others. If you are running Linux kernel 6.4 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2025-68775 actively exploited?
No — CVE-2025-68775 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.