CVE-2025-68316
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode which can be 0 (SUCCESS) or 1 (FAILURE). Upon failure during driver probe, the error code 1 is propagated back to the driver probe function which must return a negative value to indicate an error, but 1 is not negative, so the probe is considered to be successful even though it failed. Subsequently, removing the driver results in an oops because it is not in a valid state. This happens because none of the callers of ufshcd_init() expect a non-negative error code. Fix the return value and documentation to match actual usage.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68316
EUVD
EUVD-2025-203753
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's SCSI UFS core driver. After the DME Link Startup, the error return value can be 0 (SUCCESS) or 1 (FAILURE). However, the driver probe function expects a negative value to indicate an error. Because the failure code is 1 (not negative), the probe incorrectly considers the operation successful even though it failed. Later, when the driver is removed, this invalid state causes a kernel oops (crash). The issue arises because callers of ufshcd_init() do not expect a non-negative error code.

Impact Analysis

This vulnerability can cause the Linux kernel to incorrectly treat a failed driver probe as successful, leading to an invalid driver state. When the driver is removed, this invalid state can cause a kernel oops (crash), potentially leading to system instability or downtime.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68316. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart