CVE-2025-68759

In rtl8180initrx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed on exit.

Fix that by jumping to errfreerings label on error, which calls rtl8180freerxring() to free the allocations. Remove the free of rxring in rtl8180initrxring() error path, and set the freed priv->rxbuf entry to null, to avoid double free.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68759.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f653211197f3841f383fa9757ef8ce182c6cf627

Fixed

3677c01891fb0239361e444afee8398868e34bdf

Fixed

89caaeee8dd95fae8bb4f4964e6fe3ca688500c4

Fixed

a4fb7cca9837378878e6c94d9e7af019c8fdfcdb

Fixed

bf8513dfa31ea015c9cf415796dca2113d293840

Fixed

ee7db11742b30641f21306105ad27a275e3c61d7

Fixed

a813a74570212cb5f3a7d3b05c0cb0cd00bace1d

Fixed

c9d1c4152e6d32fa74034464854bee262a60bc43

Fixed

9b5b9c042b30befc5b37e4539ace95af70843473

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68759.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.25

Fixed

5.10.248

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.198

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.160

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.120

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.63

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.13

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68759.json"