CVE-2025-68342

NONE EPSS 5.2%
Published Dec 23, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data

The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of the data after the header depends on the gs_host_frame hf::flags and the active device features (e.g. time stamping).

Introduce a new function gs_usb_get_minimum_length() and check that we have at least received the required amount of data before accessing it. Only copy the data to that skb that has actually been received.

[mkl: rename gs_usb_get_minimum_length() -> +gs_usb_get_minimum_rx_length()]
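The length check described above, sketched as an added userspace example (not the kernel patch or the driver's own code). The header layout, the flag and feature values, and the names hf_header, min_rx_length and parse_frame are simplified assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified, hypothetical model of a gs_host_frame-style message:
 * a fixed header, then data whose size depends on flags and features. */
#define HF_FLAG_FD 0x02u /* constructed value: frame carries 64 data bytes */
#define FEAT_HW_TS 0x01u /* constructed value: 4-byte timestamp follows data */

struct hf_header {
    uint32_t echo_id;
    uint32_t can_id;
    uint8_t  can_dlc;
    uint8_t  channel;
    uint8_t  flags;
    uint8_t  reserved;
};

/* Smallest transfer that contains every byte the parser will touch. */
static size_t min_rx_length(uint8_t flags, unsigned features)
{
    size_t len = sizeof(struct hf_header);
    len += (flags & HF_FLAG_FD) ? 64 : 8;
    if (features & FEAT_HW_TS)
        len += sizeof(uint32_t);
    return len;
}

/* Returns the number of data bytes copied to out, or -1 on a short transfer. */
static int parse_frame(const uint8_t *buf, size_t actual_length,
                       unsigned features, uint8_t *out, size_t out_len)
{
    struct hf_header hdr;
    size_t data_len;

    if (actual_length < sizeof(hdr))  /* flags not received yet */
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));
    if (actual_length < min_rx_length(hdr.flags, features))
        return -1;                    /* reject before touching the data */
    data_len = (hdr.flags & HF_FLAG_FD) ? 64 : 8;
    if (data_len > out_len)
        return -1;
    memcpy(out, buf + sizeof(hdr), data_len);
    return (int)data_len;
}
```

The header is validated first because the flags that determine the required length live inside it; only then is the full minimum length checked against the bytes actually received.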

Threat Intelligence

EPSS Exploit Probability
5.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 4

  • git.kernel.org https://git.kernel.org/stable/c/395d988f93861101ec89d0dd9e3b876ae9392a5b
  • git.kernel.org https://git.kernel.org/stable/c/4ffac725154cf6a253f5e6aa0c8946232b6a0af5
  • git.kernel.org https://git.kernel.org/stable/c/ad55004a3cb5b41ef78aa6c09e7bc5a489ba652b
  • git.kernel.org https://git.kernel.org/stable/c/fb0c7c77a7ae3a2c3404b7d0173b8739a754b513

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.