Null Pointer Dereference Vulnerability in Linux Kernel PCI/AER Module
CVE-2025-68309
Currently unrated
What is CVE-2025-68309?
A vulnerability has been identified in the PCI/AER module of the Linux kernel, where the result of a kzalloc memory allocation is not handled properly, which can lead to a NULL pointer dereference. If kzalloc returns NULL, any access to the aer_info structure can trigger a kernel panic, resulting in system instability. This issue underlines the importance of checking the return values of memory allocations to prevent unforeseen errors in kernel operations.
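The failure mode described above, modelled in user space as an added example; it is not the kernel's code or the upstream fix. Assumptions: `model_kzalloc` stands in for kzalloc with fault injection, and the `model_*` names, the struct fields and the choice to leave AER disabled on allocation failure are hypothetical.

```c
/* User-space model (constructed): kzalloc() is replaced by a calloc()
 * wrapper with fault injection; struct fields and function names are
 * hypothetical and do not mirror the kernel source. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

struct aer_info { unsigned long cor_errs; unsigned long fatal_errs; };
struct model_dev { bool aer_enabled; struct aer_info *aer_info; };

static bool fail_next_alloc;            /* test hook: simulate memory pressure */

static void *model_kzalloc(size_t size)
{
    if (fail_next_alloc) {
        fail_next_alloc = false;
        return NULL;                    /* allocator reports failure as NULL */
    }
    return calloc(1, size);             /* zeroed memory, like kzalloc() */
}

/* Hardened init: check the allocation before the first field access. */
static int model_aer_init(struct model_dev *dev)
{
    dev->aer_enabled = false;
    dev->aer_info = model_kzalloc(sizeof(*dev->aer_info));
    if (!dev->aer_info)
        return -ENOMEM;                 /* assumption: AER stays disabled */
    dev->aer_info->cor_errs = 0;        /* an unchecked variant faults here */
    dev->aer_enabled = true;
    return 0;
}

/* Later users gate on the same state, so a failed init is never dereferenced. */
static int model_aer_count_correctable(struct model_dev *dev)
{
    if (!dev->aer_enabled || !dev->aer_info)
        return -ENODEV;
    dev->aer_info->cor_errs++;
    return 0;
}

static void model_aer_release(struct model_dev *dev)
{
    free(dev->aer_info);                /* free(NULL) is a no-op */
    dev->aer_info = NULL;
    dev->aer_enabled = false;
}
```

Setting `fail_next_alloc` before calling `model_aer_init` exercises the allocation-failure path without needing real memory pressure.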
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6618243bcc3f60825f761a41ed65fef9fe97eb25
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0a27bdb14b028fed30a10cec2f945c38cb5ca4fa
Linux 6.17.8 <= 6.17.*