CVE-2025-68342

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s CAN subsystem, specifically within the gs usb receive bulk callback() function. This issue relates to insufficient validation of the length of data received via a USB URB (USB Request Block). The vulnerability occurs because the code accesses data within a gs host frame structure without first verifying that the actual length of the received data meets the minimum required length. This can lead to out-of-bounds reads and potential system instability. The fix introduces a function, gs usb get minimum rx length(), to determine the minimum expected data length and ensures that data access only occurs after this check.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-72989

CVE-2025-68342

ECHO-1B48-C45A-2D3D

MGASA-2026-0017

MGASA-2026-0018

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8152-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-68342

Related Identifiers

Affected Products

References · 1958