Memory Corruption in Linux Kernel Affecting Intel Punit IPC Device
CVE-2025-68303

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-68303?

A memory corruption vulnerability has been identified in the Linux kernel's handling of Intel's Punit IPC device. The flaw arises from an incorrect pointer usage where the address of the pointer '&punit_ipcdev' was passed instead of the pointer 'punit_ipcdev' itself. This error results in a write operation to an incorrect memory address when invoking 'complete(&ipcdev->cmd_complete);', leading to potential memory corruption. It is essential for users and system administrators to be aware of this issue and apply necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Linux fdca4f16f57da76a8e68047923588a87d1c01f0a < 15d560cdf5b36c51fffec07ac2a983ab3bff4cb2

Linux fdca4f16f57da76a8e68047923588a87d1c01f0a < 46e9d6f54184573dae1dcbcf6685a572ba6f4480

Linux fdca4f16f57da76a8e68047923588a87d1c01f0a < 3e7442c5802146fd418ba3f68dcb9ca92b5cec83

References

https://git.kernel.org/stable/c/15d560cdf5b36c51fffec07ac...

https://git.kernel.org/stable/c/46e9d6f54184573dae1dcbcf6...

https://git.kernel.org/stable/c/3e7442c5802146fd418ba3f68...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 16, 2025

JSON