Memory Management Flaw in Linux Kernel Affecting Nouveau Firmware from NVIDIA
CVE-2025-68235

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-68235?

The Linux kernel contains a vulnerability within the Nouveau firmware component, where the nvkm_falcon_fw::boot memory is allocated but not properly deallocated. This oversight leads to kmemleak warnings, indicating that allocated memory may remain inaccessible and unfreed, causing potential memory leaks. It is crucial for developers to ensure all allocated resources are adequately released to maintain system stability and performance.

Affected Version(s)

Linux 2541626cfb794e57ba0575a6920826f591f7ced0 < 7d1977b4ae5c50e1aafc5c51500fc08bd7afd6a0

Linux 2541626cfb794e57ba0575a6920826f591f7ced0 < 6492add9a3a163d5e0390428d2636adc3e61b883

Linux 2541626cfb794e57ba0575a6920826f591f7ced0 < 2bba02a39bfb383bd1a95868d532c0917e38f9e7

References

https://git.kernel.org/stable/c/7d1977b4ae5c50e1aafc5c515...

https://git.kernel.org/stable/c/6492add9a3a163d5e0390428d...

https://git.kernel.org/stable/c/2bba02a39bfb383bd1a95868d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 16, 2025

JSON