Home

Description

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and check that we have at least received the header before accessing any members of it. To resubmit the URB, do not dereference the pointer chain "dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since "urb->context" contains "parent", it is always defined, while "dev" is not defined if the URB it too short.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-23 | Updated 2025-12-23 | Assigner Linux

Product status

Default status
unaffected

d08e973a77d128b25e01a08c34d89593fdf222da (git) before 18cbce43363c9f84b90a92d57df341155eee0697
affected

d08e973a77d128b25e01a08c34d89593fdf222da (git) before 3433680b759646efcacc64fe36aa2e51ae34b8f0
affected

d08e973a77d128b25e01a08c34d89593fdf222da (git) before 616eee3e895b8ca0028163fcb1dce5e3e9dea322
affected

d08e973a77d128b25e01a08c34d89593fdf222da (git) before f31693dc3a584c0ad3937e857b59dbc1a7ed2b87
affected

d08e973a77d128b25e01a08c34d89593fdf222da (git) before 6fe9f3279f7d2518439a7962c5870c6e9ecbadcf
affected

Default status
affected

3.16
affected

Any version before 3.16
unaffected

6.1.159 (semver)
unaffected

6.6.119 (semver)
unaffected

6.12.61 (semver)
unaffected

6.17.11 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/18cbce43363c9f84b90a92d57df341155eee0697

git.kernel.org/...c/3433680b759646efcacc64fe36aa2e51ae34b8f0

git.kernel.org/...c/616eee3e895b8ca0028163fcb1dce5e3e9dea322

git.kernel.org/...c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87

git.kernel.org/...c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf

cve.org (CVE-2025-68343)

nvd.nist.gov (CVE-2025-68343)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.