CVE-2025-68132
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-02-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | everest | to 2025.12.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68132 is an out-of-bounds read vulnerability in the DZG_GSH01 powermeter driver's SLIP CRC parser within the everest-core project. The function `is_message_crc_correct` reads the last two bytes of a message vector without checking if the vector contains at least two bytes. Malformed SLIP frames received over the serial link can produce sub-messages smaller than two bytes, causing the function to access invalid memory. This leads to undefined behavior and likely crashes the powermeter driver process, resulting in a denial of service. The vulnerability is triggered via the multi-message parsing path and was fixed by adding a size check to reject messages smaller than two bytes. [1]
How can this vulnerability impact me? :
This vulnerability can cause the powermeter driver process to crash when it receives malformed SLIP frames with sub-messages smaller than two bytes. An attacker controlling the serial input can reliably trigger this crash, resulting in a denial of service (DoS) condition. There is no impact on confidentiality or integrity, only availability is affected. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or denial of service in the everest-core powermeter driver process, especially when malformed SLIP frames are received over the serial link. Detection involves checking for abnormal process terminations or logs indicating out-of-bounds reads in the DZG_GSH01 SLIP parser. Since the vulnerability is triggered by malformed SLIP frames with sub-messages smaller than 2 bytes, capturing and analyzing serial traffic for such frames (e.g., frames with multiple 0xC0 delimiters and very short sub-messages) can help detect attempts to exploit this issue. Commands to capture serial traffic could include using tools like `cat /dev/ttyS*` or `screen /dev/ttyS*` to monitor serial input, or using serial protocol analyzers to filter for frames with sub-messages of length less than 2 bytes. Additionally, enabling debugging or logging in the everest-core software to capture errors in the SLIP parser may assist in detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the everest-core software to version 2025.12.0 or later, where the vulnerability is fixed by adding a size check in the `is_message_crc_correct` function to reject messages smaller than 2 bytes. Until the upgrade can be applied, it is recommended to implement input validation to discard SLIP frames smaller than 4 bytes earlier in the processing pipeline and reject sub-messages shorter than the CRC trailer (less than 2 bytes) before CRC validation. Additionally, restricting physical access to the serial link to prevent attackers from sending malformed SLIP frames can reduce risk. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability causes a low-severity denial of service by crashing the powermeter driver process via an out-of-bounds read. It does not impact confidentiality or integrity of data. Therefore, it does not directly affect compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on data privacy and protection. The impact is limited to availability with low severity. [1]