CVE-2025-68342
Buffer Overflow in Linux gs_usb Driver Due to Insufficient Length Check
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's gs_usb driver involves improper checking of the actual_length field in the gs_usb_receive_bulk_callback() function before accessing data. The function receives a USB Request Block (URB) containing a gs_host_frame structure, where the length of data after the header depends on certain flags and device features. The fix introduces a new function to ensure that the minimum required length of data has been received before accessing it, preventing potential out-of-bounds access or data corruption.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to the Linux kernel accessing data beyond the actual received length, potentially causing memory corruption, system instability, or crashes. This could affect system reliability and security, possibly allowing an attacker to cause denial of service or execute arbitrary code depending on the context.