CVE-2025-68307
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's gs_usb driver, specifically in the gs_usb_xmit_callback() function. The driver does not properly clean up failed transmitted USB Request Blocks (URBs). When a bulk URB transmission fails, the driver fails to free resources and update status correctly, which reduces the number of available URBs over time. This improper handling leads to reduced performance and can eventually cause the transmission to completely stop.
How can this vulnerability impact me?
The impact of this vulnerability is a reduction in the number of available URBs due to failed transmissions not being cleaned up properly. This causes degraded performance in data transmission and can ultimately lead to a complete halt of the transmission process, affecting the reliability and functionality of the affected device or system using the gs_usb driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the gs_usb driver has the fix applied for handling failed transmitted URBs. This fix ensures proper cleanup of failed bulk URBs by increasing netdev stats, marking echo_skb as free, freeing the driver's context, doing accounting, and waking the send queue, which prevents reduced performance and transmission stoppage.
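The following user-space C model is an added example, not the gs_usb driver's code; it shows how contexts held by failed URBs drain the transmit pool until the send queue stays stopped, and how the cleanup described above avoids that. The pool size and all struct and function names are hypothetical, and freeing the context directly on success is a simplification of the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_TX_URBS 10 /* constructed pool size, not taken from the driver */

struct tx_model {
    int active;            /* TX contexts held by in-flight URBs */
    bool queue_stopped;    /* send queue stopped because the pool is empty */
    unsigned long dropped; /* stats counter bumped for failed URBs */
};

/* Transmit path: claim a context, stop the queue when none are left. */
static bool model_start_xmit(struct tx_model *m)
{
    if (m->queue_stopped)
        return false;
    if (++m->active == MAX_TX_URBS)
        m->queue_stopped = true;
    return true;
}

/* Completion callback: status != 0 models a failed bulk URB. */
static void model_xmit_callback(struct tx_model *m, int status, bool fixed)
{
    if (status != 0 && !fixed)
        return;            /* behaviour before the fix: context never freed */
    if (status != 0)
        m->dropped++;      /* fix: account for the failed frame */
    m->active--;           /* free the context */
    m->queue_stopped = false; /* wake the send queue */
}

/* Send `frames` frames, failing every `fail_every`-th; return frames accepted. */
static int model_run(int frames, int fail_every, bool fixed, unsigned long *dropped)
{
    struct tx_model m = {0};
    int sent = 0;
    for (int i = 1; i <= frames; i++) {
        if (!model_start_xmit(&m))
            continue;      /* queue stalled: frame is never handed to the device */
        sent++;
        model_xmit_callback(&m, i % fail_every ? 0 : -1, fixed);
    }
    if (dropped)
        *dropped = m.dropped;
    return sent;
}

int main(void)
{
    printf("without cleanup: %d of 1000 frames sent\n", model_run(1000, 10, false, NULL));
    printf("with cleanup:    %d of 1000 frames sent\n", model_run(1000, 10, true, NULL));
    return 0;
}
```

In the model, a stalled queue combined with a drop counter that never increases is the signature of the leak: frames stop leaving the host without any failure being recorded.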