CVE-2025-68308
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kvaser | kvaser_usb | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's kvaser_usb driver, specifically in the command parsers of the kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback functions. The issue arises when zero-length commands, which are used to align data to the USB endpoint's packet size boundary, occur exactly on a packet boundary. The driver uses a round_up() function to skip these placeholders by aligning the buffer position to the next packet boundary. However, if the position is exactly on the boundary, round_up() returns the same value, causing the position not to advance and resulting in an infinite loop in the parsing logic. The fix involves adjusting the calculation to use pos + 1, ensuring the position always moves forward and preventing the infinite loop.
How can this vulnerability impact me? :
This vulnerability can cause the kvaser_usb driver to enter an infinite loop when processing certain USB commands, potentially leading to a denial of service condition where the driver or system becomes unresponsive or stuck while handling USB data from Kvaser devices.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the patch fixing the infinite loop in the kvaser_usb driver. The patch modifies the command parsing logic to prevent the infinite loop by adjusting the buffer position calculation. Until the update is applied, avoid using the affected kvaser_usb driver to prevent triggering the vulnerability.