CVE-2025-68318:
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL

The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang.

Set all AXI clock gates to CLK_IS_CRITICAL. All these clock gates are ungated by default on system reset.

In addition, convert all current CLK_IGNORE_UNUSED usage to CLK_IS_CRITICAL to prevent unwanted clock gating.

Source: NVD

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Score

Published December 16, 2025

Severity MEDIUM

CNA Score N/A

Affected Technologies

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 5.9

Exploitation Probability (EPSS) N/A

Affected packages and libraries

Sources

NVD
Debian Security Tracker
- Debian 11, 12, 13 No FixAdded at: Dec 17, 2025
- Debian 14 Has FixAdded at: Dec 17, 2025
Echo
- Echo Has FixAdded at: Dec 17, 2025
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUMNo FixAdded at: Dec 18, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22857	MEDIUM	6.8	Linux Debian	freerdp3	No	No	Jan 14, 2026
CVE-2026-22856	MEDIUM	6.8	Linux Debian	freerdp-devel	No	No	Jan 14, 2026
CVE-2026-22859	MEDIUM	5.6	Linux Debian	freerdp	No	No	Jan 14, 2026
CVE-2026-22858	MEDIUM	5.6	Linux Debian	freerdp3	No	No	Jan 14, 2026
CVE-2026-22036	LOW	3.7	JavaScript	node-undici	No	Yes	Jan 14, 2026