{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68343","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T14:48:05.298Z","datePublished":"2025-12-23T13:58:28.411Z","dateUpdated":"2026-05-11T21:51:21.788Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:51:21.788Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header\n\nThe driver expects to receive a struct gs_host_frame in\ngs_usb_receive_bulk_callback().\n\nUse struct_group to describe the header of the struct gs_host_frame and\ncheck that we have at least received the header before accessing any\nmembers of it.\n\nTo resubmit the URB, do not dereference the pointer chain\n\"dev->parent->hf_size_rx\" but use \"parent->hf_size_rx\" instead. Since\n\"urb->context\" contains \"parent\", it is always defined, while \"dev\" is not\ndefined if the URB it too short."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/usb/gs_usb.c"],"versions":[{"version":"d08e973a77d128b25e01a08c34d89593fdf222da","lessThan":"18cbce43363c9f84b90a92d57df341155eee0697","status":"affected","versionType":"git"},{"version":"d08e973a77d128b25e01a08c34d89593fdf222da","lessThan":"3433680b759646efcacc64fe36aa2e51ae34b8f0","status":"affected","versionType":"git"},{"version":"d08e973a77d128b25e01a08c34d89593fdf222da","lessThan":"616eee3e895b8ca0028163fcb1dce5e3e9dea322","status":"affected","versionType":"git"},{"version":"d08e973a77d128b25e01a08c34d89593fdf222da","lessThan":"f31693dc3a584c0ad3937e857b59dbc1a7ed2b87","status":"affected","versionType":"git"},{"version":"d08e973a77d128b25e01a08c34d89593fdf222da","lessThan":"6fe9f3279f7d2518439a7962c5870c6e9ecbadcf","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/usb/gs_usb.c"],"versions":[{"version":"3.16","status":"affected"},{"version":"0","lessThan":"3.16","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.119","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.61","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.11","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16","versionEndExcluding":"6.6.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16","versionEndExcluding":"6.12.61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16","versionEndExcluding":"6.17.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697"},{"url":"https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0"},{"url":"https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322"},{"url":"https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87"},{"url":"https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf"}],"title":"can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header","x_generator":{"engine":"bippy-1.2.0"}}}}