-

CVE-2025-68249

EPSS 0.04%
Veröffentlicht 16.12.2025 14:32:16
Zuletzt bearbeitet 18.12.2025 15:08:06
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

most: usb: hdm_probe: Fix calling put_device() before device initialization

The early error path in hdm_probe() can jump to err_free_mdev before
&mdev->dev has been initialized with device_initialize(). Calling
put_device(&mdev->dev) there triggers a device core WARN and ends up
invoking kref_put(&kobj->kref, kobject_release) on an uninitialized
kobject.

In this path the private struct was only kmalloc'ed and the intended
release is effectively kfree(mdev) anyway, so free it directly instead
of calling put_device() on an uninitialized device.

This removes the WARNING and fixes the pre-initialization error path.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 3509c748e79435d09e730673c8c100b7f0ebc87c

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < ad2be44882716dc3589fbc5572cc13f88ead6b24

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < c400410fe0580dd6118ae8d60287ac9ce71a65fd

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 6fb8fbc0aa542af5bf0fed94fa6b0edf18144f95

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 7d851f746067b8ee5bac9c262f326ace0a6ea253

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 4af0eedbdb4df7936bf43a28e31af232744d2620

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < a8cc9e5fcb0e2eef21513a4fec888f5712cb8162

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.9

Status affected

Version < 5.9

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.196

Status unaffected

Version <= 6.1.*

Version 6.1.158

Status unaffected

Version <= 6.6.*

Version 6.6.115

Status unaffected

Version <= 6.12.*

Version 6.12.56

Status unaffected

Version <= 6.17.*

Version 6.17.6

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/3509c748e79435d09e730673c8c100b7f0ebc87c

https://git.kernel.org/stable/c/ad2be44882716dc3589fbc5572cc13f88ead6b24

https://git.kernel.org/stable/c/c400410fe0580dd6118ae8d60287ac9ce71a65fd

https://git.kernel.org/stable/c/6fb8fbc0aa542af5bf0fed94fa6b0edf18144f95

https://git.kernel.org/stable/c/7d851f746067b8ee5bac9c262f326ace0a6ea253

https://git.kernel.org/stable/c/4af0eedbdb4df7936bf43a28e31af232744d2620

https://git.kernel.org/stable/c/a8cc9e5fcb0e2eef21513a4fec888f5712cb8162

https://nvd.nist.gov/vuln/detail/CVE-2025-68249

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68249

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68249

EUVD