CVE-2025-68799
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-01-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer underflow in the Linux kernel's cffrml_receive() function within the caif module. The function extracts a length field from a packet header and subtracts 2 from it when Frame Check Sequence (FCS) is disabled, but it does not check if the length is at least 2 before subtracting. If an attacker sends a packet with a length of 0 or 1, this subtraction causes an integer underflow, leading to incorrect length calculations.
How can this vulnerability impact me? :
The integer underflow can lead to memory exhaustion and kernel instability. Additionally, it may cause potential information disclosure if the padding contains uninitialized kernel memory, which could expose sensitive data.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to a Linux kernel version where the cffrml_receive() function has been fixed to validate that the length field is >= 2 before subtracting 2. Additionally, ensure that interfaces with FCS disabled are monitored and consider enabling FCS if possible to reduce exposure.