Description

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and check that we have at least received the header before accessing any members of it. To resubmit the URB, do not dereference the pointer chain "dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since "urb->context" contains "parent", it is always defined, while "dev" is not defined if the URB it too short.

INFO

Published Date :

2025-12-23T13:58:28.411Z

Last Modified :

2025-12-23T13:58:28.411Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68343 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68343.

URL Resource
https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697 cve-icon cve-icon
https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0 cve-icon cve-icon
https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322 cve-icon cve-icon
https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf cve-icon cve-icon
https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025122333-CVE-2025-68343-3238@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68343 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68343 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact