{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68308","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T14:48:05.294Z","datePublished":"2025-12-16T15:06:25.081Z","dateUpdated":"2026-05-11T21:50:39.573Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:50:39.573Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: kvaser_usb: leaf: Fix potential infinite loop in command parsers\n\nThe `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback`\nfunctions contain logic to zero-length commands. These commands are used\nto align data to the USB endpoint's wMaxPacketSize boundary.\n\nThe driver attempts to skip these placeholders by aligning the buffer\nposition `pos` to the next packet boundary using `round_up()` function.\n\nHowever, if zero-length command is found exactly on a packet boundary\n(i.e., `pos` is a multiple of wMaxPacketSize, including 0), `round_up`\nfunction will return the unchanged value of `pos`. This prevents `pos`\nto be increased, causing an infinite loop in the parsing logic.\n\nThis patch fixes this in the function by using `pos + 1` instead.\nThis ensures that even if `pos` is on a boundary, the calculation is\nbased on `pos + 1`, forcing `round_up()` to always return the next\naligned boundary."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c"],"versions":[{"version":"7259124eac7d1b76b41c7a9cb2511a30556deebe","lessThan":"58343e0a4d43699f0e2f5b169384bbe4c0217add","status":"affected","versionType":"git"},{"version":"7259124eac7d1b76b41c7a9cb2511a30556deebe","lessThan":"69c7825df64e24dc15d31631a1fc9145324b1345","status":"affected","versionType":"git"},{"version":"7259124eac7d1b76b41c7a9cb2511a30556deebe","lessThan":"028e89c7e8b4346302e88df01cc50e0a1f05791a","status":"affected","versionType":"git"},{"version":"7259124eac7d1b76b41c7a9cb2511a30556deebe","lessThan":"e9dd83a75a7274edef21682c823bf0b66d7b6b7f","status":"affected","versionType":"git"},{"version":"7259124eac7d1b76b41c7a9cb2511a30556deebe","lessThan":"0897cea266e39166a36111059ba147192b36592f","status":"affected","versionType":"git"},{"version":"7259124eac7d1b76b41c7a9cb2511a30556deebe","lessThan":"bd8135a560cf6e64f0b98ed4daadf126a38f7f48","status":"affected","versionType":"git"},{"version":"7259124eac7d1b76b41c7a9cb2511a30556deebe","lessThan":"0c73772cd2b8cc108d5f5334de89ad648d89b9ec","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c"],"versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","status":"unaffected","versionType":"semver"},{"version":"5.10.247","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.197","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.119","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.61","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.11","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.15.197"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.6.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.12.61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.17.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/58343e0a4d43699f0e2f5b169384bbe4c0217add"},{"url":"https://git.kernel.org/stable/c/69c7825df64e24dc15d31631a1fc9145324b1345"},{"url":"https://git.kernel.org/stable/c/028e89c7e8b4346302e88df01cc50e0a1f05791a"},{"url":"https://git.kernel.org/stable/c/e9dd83a75a7274edef21682c823bf0b66d7b6b7f"},{"url":"https://git.kernel.org/stable/c/0897cea266e39166a36111059ba147192b36592f"},{"url":"https://git.kernel.org/stable/c/bd8135a560cf6e64f0b98ed4daadf126a38f7f48"},{"url":"https://git.kernel.org/stable/c/0c73772cd2b8cc108d5f5334de89ad648d89b9ec"}],"title":"can: kvaser_usb: leaf: Fix potential infinite loop in command parsers","x_generator":{"engine":"bippy-1.2.0"}}}}