CVE-2025-68343 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and check that we have at least received the header before accessing any members of it. To resubmit the URB, do not dereference the pointer chain "dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since "urb->context" contains "parent", it is always defined, while "dev" is not defined if the URB it too short.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697
https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0
https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322
https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf
https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87

History

Tue, 23 Dec 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and check that we have at least received the header before accessing any members of it. To resubmit the URB, do not dereference the pointer chain "dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since "urb->context" contains "parent", it is always defined, while "dev" is not defined if the URB it too short.
Title		can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697 https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0 https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322 https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-23T13:58:28.411Z

Updated: 2025-12-23T13:58:28.411Z

Reserved: 2025-12-16T14:48:05.298Z

Link: CVE-2025-68343

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-23T14:16:40.913

Modified: 2025-12-23T14:51:52.650

Link: CVE-2025-68343

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object