CVE-2025-68343

23.12.2025, 14:16

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header

The driver expects to receive a struct gs_host_frame in
gs_usb_receive_bulk_callback().

Use struct_group to describe the header of the struct gs_host_frame and
check that we have at least received the header before accessing any
members of it.

To resubmit the URB, do not dereference the pointer chain
"dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since
"urb->context" contains "parent", it is always defined, while "dev" is not
defined if the URB it too short.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	vulnerable
trixie (security)	vulnerable
forky	6.17.12-1 fixed
sid	6.17.13-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere nicht spezifizierte Angriffe durchzuführen.
Published: 2025-12-23T23:00:00+00:00

References

https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697

https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0

https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322

https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf

https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87