CVE-2025-68750
Integer Overflow in Linux Kernel USB Gadget Target Port Handling
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the Linux kernel function usbg_make_tpg(). Specifically, a variable tpgt defined as unsigned long is assigned to a 16-bit unsigned integer field tport_tpgt. If tpgt is larger than 65535 (the maximum value for a 16-bit unsigned integer), this can cause an integer overflow, potentially leading to unexpected behavior or memory corruption.
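The narrowing described above, as an added example that is not the kernel's code or its patch: a user-space C sketch showing how an unsigned long wraps when stored in a 16-bit field, next to a parser that range-checks first. The struct `demo_tpg`, both function names and the `tpgt_<n>` name format are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the structure holding the 16-bit tport_tpgt field. */
struct demo_tpg {
    uint16_t tport_tpgt;
};

/* Unchecked pattern: the value is silently reduced modulo 65536 on assignment. */
static uint16_t store_unchecked(struct demo_tpg *tpg, unsigned long tpgt)
{
    tpg->tport_tpgt = (uint16_t)tpgt;
    return tpg->tport_tpgt;
}

/* Checked pattern: parse "tpgt_<n>" (assumed format) and reject n > 65535. */
static int parse_tpgt_checked(const char *name, struct demo_tpg *tpg)
{
    char *end;
    unsigned long tpgt;

    if (strncmp(name, "tpgt_", 5) != 0)
        return -EINVAL;
    if (name[5] < '0' || name[5] > '9')   /* strtoul would accept sign or space */
        return -EINVAL;
    errno = 0;
    tpgt = strtoul(name + 5, &end, 10);
    if (errno == ERANGE || *end != '\0')  /* overflowed unsigned long, or trailing junk */
        return -EINVAL;
    if (tpgt > UINT16_MAX)                /* would not fit in the 16-bit field */
        return -ERANGE;
    tpg->tport_tpgt = (uint16_t)tpgt;
    return 0;
}

int main(void)
{
    struct demo_tpg t = {0};

    /* Constructed sample inputs. */
    printf("unchecked 65537 -> %u\n", (unsigned)store_unchecked(&t, 65537UL));
    printf("checked tpgt_65535 -> %d\n", parse_tpgt_checked("tpgt_65535", &t));
    printf("checked tpgt_65536 -> %d\n", parse_tpgt_checked("tpgt_65536", &t));
    return 0;
}
```

With the unchecked store, two different requested values (1 and 65537) end up as the same stored tag, which is the aliasing a range check prevents.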
How can this vulnerability impact me?
The integer overflow could lead to memory corruption or other unintended behavior in the Linux kernel's USB subsystem. This may result in system instability, crashes, or potential security risks such as privilege escalation or denial of service, depending on how the overflow is exploited.