CVE-2025-68298 Affecting kernel-uek-doc package, versions <0:6.12.0-108.64.6.3.el9uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE9-KERNELUEKDOC-15329933
- published23 Feb 2026
- disclosed16 Dec 2025
Introduced: 16 Dec 2025
CVE-2025-68298 (opens in a new tab)How to fix?
Upgrade Oracle:9 kernel-uek-doc to version 0:6.12.0-108.64.6.3.el9uek or higher.
This issue was patched in ELSA-2026-50112.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-doc package and not the kernel-uek-doc package as distributed by Oracle.
See How to fix? for Oracle:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref
In btusb_mtk_setup(), we set btmtk_data->isopkt_intf to:
usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM)
That function can return NULL in some cases. Even when it returns NULL, though, we still go on to call btusb_mtk_claim_iso_intf().
As of commit e9087e828827 ("Bluetooth: btusb: mediatek: Add locks for
usb_driver_claim_interface()"), calling btusb_mtk_claim_iso_intf()
when btmtk_data->isopkt_intf is NULL will cause a crash because
we'll end up passing a bad pointer to device_lock(). Prior to that
commit we'd pass the NULL pointer directly to
usb_driver_claim_interface() which would detect it and return an
error, which was handled.
Resolve the crash in btusb_mtk_claim_iso_intf() by adding a NULL check
at the start of the function. This makes the code handle a NULL
btmtk_data->isopkt_intf the same way it did before the problematic
commit (just with a slight change to the error message printed).
References
- https://linux.oracle.com/cve/CVE-2025-68298.html
- https://linux.oracle.com/errata/ELSA-2026-50112.html
- https://git.kernel.org/stable/c/2fa09fe98ca3b114d66285f65f7e108fea131815
- https://git.kernel.org/stable/c/c3b990e0b23068da65f0004cd38ee31f43f36460
- https://git.kernel.org/stable/c/c884a0b27b4586e607431d86a1aa0bb4fb39169c