PT-2026-2513 · Linux+3 · Linux Kernel+3

Published

2025-12-05

Updated

2026-05-07

CVE-2025-68781

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue exists in the USB PHY driver for Freescale (fsl-usb) within the Linux kernel. The vulnerability occurs due to a race condition during device removal where a delayed work item, otg_event, may access memory that has already been freed. Specifically, the fsl_otg instance can be freed in fsl_otg_remove() while the delayed work is still pending or executing, leading to a use-after-free condition when the fsl_otg_event() function attempts to access the freed memory. The issue was identified through static analysis. The fix involves calling disable_delayed_work_sync() in fsl_otg_remove() to ensure the delayed work is canceled and completed before memory deallocation.
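
The ordering problem in the description, as an added user-space model (not the driver's code and not taken from the kernel patch). All struct and function names ending in _model, plus delay_expires and simulate_removal, are hypothetical. The model is single-threaded, so it shows the cancel-and-disable half of disable_delayed_work_sync() and not the wait for a handler that is already executing.

```c
/* Added illustration: single-threaded user-space model, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct work_model {                 /* hypothetical stand-in for struct delayed_work */
    bool pending;                   /* queued, delay not yet expired */
    bool disabled;                  /* further queueing is refused */
    void (*fn)(struct work_model *);
};

struct otg_model {                  /* hypothetical stand-in for the fsl_otg instance */
    bool freed;                     /* models the free in remove without really freeing */
    int uaf_hits;                   /* handler runs that touched a "freed" object */
    struct work_model otg_event;
};

static void event_model(struct work_model *w)   /* models fsl_otg_event() */
{
    struct otg_model *o = (struct otg_model *)((char *)w - offsetof(struct otg_model, otg_event));
    if (o->freed)
        o->uaf_hits++;              /* in the kernel: access to freed memory */
}
static void queue_model(struct work_model *w) { if (!w->disabled) w->pending = true; }
static void delay_expires(struct work_model *w)
{
    if (w->pending) { w->pending = false; w->fn(w); }
}

static void remove_model(struct otg_model *o, bool fixed)   /* models fsl_otg_remove() */
{
    if (fixed) {                    /* models disable_delayed_work_sync() */
        o->otg_event.pending = false;
        o->otg_event.disabled = true;
    }
    o->freed = true;
}

int simulate_removal(bool fixed)    /* returns the number of use-after-free hits */
{
    struct otg_model o = { .otg_event = { .fn = event_model } };
    queue_model(&o.otg_event);      /* constructed: work queued shortly before removal */
    remove_model(&o, fixed);
    queue_model(&o.otg_event);      /* constructed: re-queue attempt after removal */
    delay_expires(&o.otg_event);
    return o.uaf_hits;
}

int main(void) { printf("unfixed=%d fixed=%d\n", simulate_removal(false), simulate_removal(true)); return 0; }
```
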
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-00751
CVE-2025-68781
ECHO-C7D6-62E1-2261
MGASA-2026-0017
MGASA-2026-0018
USN-8177-1
USN-8177-2
USN-8183-1
USN-8183-2
USN-8245-1
USN-8257-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu
Fsl-Usb