CVE-2025-68288
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctl_sg01' test from Linux Test Project (LTP). The following bytes were mainly observed: 0x53425355. When USB storage devices incorrectly skip the data phase with status data, the code extracts/validates the CSW from the sg buffer, but fails to clear it afterwards. This leaves status protocol data in srb's transfer buffer, such as the US_BULK_CS_SIGN 'USBS' signature observed here. Thus, this can lead to USB protocols leaks to user space through SCSI generic (/dev/sg*) interfaces, such as the one seen here when the LTP test requested 512 KiB. Fix the leak by zeroing the CSW data in srb's transfer buffer immediately after the validation of devices that skip data phase. Note: Differently from CVE-2018-1000204, which fixed a big leak by zero- ing pages at allocation time, this leak occurs after allocation, when USB protocol data is written to already-allocated sg pages.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68288
EUVD
EUVD-2025-203792
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's USB storage subsystem. Specifically, when USB storage devices skip the data phase but still provide status data, the kernel code extracts and validates the Command Status Wrapper (CSW) from the scatter-gather (sg) buffer but fails to clear it afterward. This leaves USB protocol status data in the transfer buffer, which can leak to user space through SCSI generic (/dev/sg*) interfaces. The leak occurs after memory allocation when USB protocol data is written to already-allocated sg pages.

Impact Analysis

This vulnerability can lead to unintended leakage of USB protocol data to user space applications via SCSI generic interfaces. This could potentially expose sensitive kernel memory contents or USB protocol information to unauthorized users or processes, which may be exploited for further attacks or information disclosure.

Mitigation Strategies

Apply the Linux kernel update that includes the fix for the USB storage memory leak vulnerability. This fix involves zeroing the Command Status Wrapper (CSW) data in the srb's transfer buffer immediately after validation to prevent USB protocol data leaks. Until the update is applied, avoid using untrusted USB storage devices to reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68288. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart