CVE-2025-68343
Integer Underflow in Linux Kernel gs_usb Driver Causes Memory Access Error
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel that includes the correction in the gs_usb driver, specifically the fix in gs_usb_receive_bulk_callback() to properly check actual_length before accessing the header. Avoid using vulnerable kernel versions until patched.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's gs_usb driver is a missing length check in the gs_usb_receive_bulk_callback() function: actual_length was not checked before the header was accessed. The driver expects to receive a struct gs_host_frame, but it did not verify that the received data was at least the size of the header before accessing its members. This could lead to dereferencing invalid pointers if the received data is too short. The fix uses struct_group to describe the header, checks the length before access, and resubmits the URB correctly by using a pointer that is always defined.
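The length-before-access pattern described above, as an added userspace example that is not the kernel's code or the actual patch. The struct layout, field names and `demo_parse_frame()` are hypothetical stand-ins for a header-plus-payload frame received with a reported byte count.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified layout for illustration; NOT the kernel's struct gs_host_frame. */
struct demo_frame_hdr {
    uint32_t echo_id;
    uint32_t id;
    uint8_t  payload_len;   /* device-supplied, untrusted */
    uint8_t  channel;
    uint8_t  flags;
    uint8_t  reserved;
};

struct demo_frame {
    struct demo_frame_hdr hdr;
    uint8_t data[64];
};

enum demo_rc { DEMO_OK = 0, DEMO_SHORT_HDR = -1, DEMO_BAD_LEN = -2, DEMO_SHORT_DATA = -3 };

/* Copy a received buffer into *out only after every length has been validated.
 * actual_length plays the role of the byte count reported for the transfer. */
int demo_parse_frame(const uint8_t *buf, size_t actual_length, struct demo_frame *out)
{
    const size_t hdr_size = sizeof(struct demo_frame_hdr);
    size_t payload_len;

    /* 1. The whole header must be present before any member is read. */
    if (actual_length < hdr_size)
        return DEMO_SHORT_HDR;
    memcpy(&out->hdr, buf, hdr_size);

    /* 2. The length field came from the device; bound it by our buffer. */
    payload_len = out->hdr.payload_len;
    if (payload_len > sizeof(out->data))
        return DEMO_BAD_LEN;

    /* 3. Compare by addition; a subtraction such as actual_length - hdr_size
     *    wraps to a huge size_t if it is ever evaluated on a short transfer. */
    if (actual_length < hdr_size + payload_len)
        return DEMO_SHORT_DATA;

    memcpy(out->data, buf + hdr_size, payload_len);
    return DEMO_OK;
}
```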
How can this vulnerability impact me?
This vulnerability could lead to kernel crashes or undefined behavior due to dereferencing invalid pointers when processing USB data in the gs_usb driver. This may result in system instability or potential denial of service if exploited.