CVE-2025-68303
Published Dec 16, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipcdev" (without the ampersand). This means that the: complete(&ipcdev->cmd_complete); in intel_punit_ioc() will write to a wrong memory address corrupting it.
Is your site exposed to CVE-2025-68303?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/15d560cdf5b36c51fffec07ac2a983ab3bff4cb2
https://git.kernel.org/stable/c/3e7442c5802146fd418ba3f68dcb9ca92b5cec83
https://git.kernel.org/stable/c/46e9d6f54184573dae1dcbcf6685a572ba6f4480
https://git.kernel.org/stable/c/9b9c0adbc3f8a524d291baccc9d0c04097fb4869
https://git.kernel.org/stable/c/a21615a4ac6fecbb586d59fe2206b63501021789
https://git.kernel.org/stable/c/c2ee6d38996775a19bfdf20cb01a9b8698cb0baa
Frequently Asked Questions
What is CVE-2025-68303? +
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: intel: punit_ipc: fix memory corruption
This passes the address of the pointer "&punit_ipcdev" when the intent
was to pass the pointer itself "punit_ipcdev" (without the ampersand).
This means that the:
complete(&ipcdev->cmd_complete);
in intel_punit_ioc() will write to a wrong memory address corrupting it.
How do I check if I'm vulnerable to CVE-2025-68303? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.