PT-2025-51691 · Linux+4 · Linux Kernel+4
Published 2025-12-16 · Updated 2026-05-07
CVE-2025-68287
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw related to a race condition within the dwc3_remove_requests() function. This occurs due to unsynchronized execution of multiple call paths, potentially leading to premature freeing of USB requests and system crashes. Three distinct paths trigger this issue: one during USB reset handling, another also initiated from USB reset handling via dwc3_stop_active_transfers(), and a third during adb root execution. The asynchronous nature of the third path, combined with a lack of synchronization with the other two, can result in use-after-free conditions when accessing freed memory. The function dwc3_remove_requests() is central to this issue, and the call stack includes functions like dwc3_gadget_del_and_unmap_request(), dwc3_ep0_reset_state(), and dwc3_stop_active_transfers().
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu