-

CVE-2025-68343

EPSS 0.03%
Veröffentlicht 23.12.2025 13:58:28
Zuletzt bearbeitet 23.12.2025 14:51:52
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header

The driver expects to receive a struct gs_host_frame in
gs_usb_receive_bulk_callback().

Use struct_group to describe the header of the struct gs_host_frame and
check that we have at least received the header before accessing any
members of it.

To resubmit the URB, do not dereference the pointer chain
"dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since
"urb->context" contains "parent", it is always defined, while "dev" is not
defined if the URB it too short.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 18cbce43363c9f84b90a92d57df341155eee0697

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

Version < 3433680b759646efcacc64fe36aa2e51ae34b8f0

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

Version < 616eee3e895b8ca0028163fcb1dce5e3e9dea322

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

Version < f31693dc3a584c0ad3937e857b59dbc1a7ed2b87

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

Version < 6fe9f3279f7d2518439a7962c5870c6e9ecbadcf

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.16

Status affected

Version < 3.16

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.119

Status unaffected

Version <= 6.12.*

Version 6.12.61

Status unaffected

Version <= 6.17.*

Version 6.17.11

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697

https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0

https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322

https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87

https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf

https://nvd.nist.gov/vuln/detail/CVE-2025-68343

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68343

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68343

EUVD