CVE-2025-68781
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-01-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal

The delayed work item otg_event is initialized in fsl_otg_conf() and scheduled under two conditions:

1. When a host controller binds to the OTG controller.
2. When the USB ID pin state changes (cable insertion/removal).

A race condition occurs when the device is removed via fsl_otg_remove(): the fsl_otg instance may be freed while the delayed work is still pending or executing. This leads to use-after-free when the work function fsl_otg_event() accesses the already freed memory.

The problematic scenario:

    (detach thread)            | (delayed work)
    fsl_otg_remove()           |
      kfree(fsl_otg_dev) //FREE| fsl_otg_event()
                               |   og = container_of(...) //USE
                               |   og-> //USE

Fix this by calling disable_delayed_work_sync() in fsl_otg_remove() before deallocating the fsl_otg structure. This ensures the delayed work is properly canceled and completes execution prior to memory deallocation.

This bug was identified through static analysis.
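The free-versus-work ordering described above, as an added userspace model (not the driver's code and not taken from the kernel patch). A pthread stands in for the otg_event delayed work and a tombstone flag stands in for kfree(), so nothing is actually freed; the names otg_model, otg_event_model and remove_races are hypothetical, and only the "work still pending at removal" case is modelled.

```c
/* Userspace model (constructed): shows why the work must be disabled and
 * waited for before the containing structure is released. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

struct otg_model {
    pthread_t   work;         /* models the delayed work item */
    atomic_bool timer_fired;  /* delay elapsed, work function may run */
    atomic_bool disabled;     /* set by the modelled disable_delayed_work_sync() */
    atomic_bool freed;        /* tombstone: the point where kfree() would happen */
    atomic_bool uaf;          /* work function touched the object after "free" */
};

static void *otg_event_model(void *arg)
{
    struct otg_model *og = arg;              /* container_of(...) in the driver */
    while (!atomic_load(&og->timer_fired))   /* wait for the delay to expire */
        ;
    if (atomic_load(&og->disabled))          /* cancelled while still pending */
        return NULL;
    if (atomic_load(&og->freed))             /* og-> access after kfree() */
        atomic_store(&og->uaf, true);
    return NULL;
}

/* Returns true if the work function used the object after it was "freed". */
bool remove_races(bool call_disable_sync)
{
    struct otg_model og = {0};
    pthread_create(&og.work, NULL, otg_event_model, &og);  /* work scheduled */
    if (call_disable_sync) {                 /* fixed ordering */
        atomic_store(&og.disabled, true);    /* cancel the pending work ... */
        atomic_store(&og.timer_fired, true);
        pthread_join(og.work, NULL);         /* ... and wait until it is done */
        atomic_store(&og.freed, true);       /* only now "kfree" */
    } else {                                 /* vulnerable ordering */
        atomic_store(&og.freed, true);       /* "kfree" with work still pending */
        atomic_store(&og.timer_fired, true); /* delay expires afterwards */
        pthread_join(og.work, NULL);         /* model-only cleanup */
    }
    return atomic_load(&og.uaf);
}

int main(void)
{
    printf("free first:        uaf=%d\n", remove_races(false));
    printf("disable+sync first: uaf=%d\n", remove_races(true));
    return 0;
}
```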
Meta Information
Published: 2026-01-13
Last Modified: 2026-01-14
Generated: 2026-05-07
AI Q&A: 2026-01-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE

Vendor | Product      | Version / Range
linux  | linux_kernel | *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free bug in the Linux kernel's fsl-usb PHY driver. It occurs because a delayed work item (otg_event) can still be pending or executing when the device is removed and its memory is freed. Specifically, the delayed work function accesses memory that has already been deallocated, leading to undefined behavior. The issue arises from a race condition between device removal and delayed work execution. The fix involves canceling and synchronizing the delayed work before freeing the memory to prevent this use-after-free.


How can this vulnerability impact me?

This vulnerability can lead to system instability or crashes, and could potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the use-after-free condition in the USB PHY driver during device removal.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the Linux kernel version you are using includes the fix that calls disable_delayed_work_sync() in fsl_otg_remove() before deallocating the fsl_otg structure. This prevents the use-after-free by properly canceling and completing the delayed work before memory deallocation. Updating your kernel to a version with this fix applied is the immediate step to take.

