{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68750","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.032Z","datePublished":"2025-12-24T15:51:03.141Z","dateUpdated":"2026-05-11T21:52:37.371Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:37.371Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: potential integer overflow in usbg_make_tpg()\n\nThe variable tpgt in usbg_make_tpg() is defined as unsigned long and is\nassigned to tpgt->tport_tpgt, which is defined as u16. This may cause an\ninteger overflow when tpgt is greater than USHRT_MAX (65535). I\nhaven't tried to trigger it myself, but it is possible to trigger it\nby calling usbg_make_tpg() with a large value for tpgt.\n\nI modified the type of tpgt to match tpgt->tport_tpgt and adjusted the\nrelevant code accordingly.\n\nThis patch is similar to commit 59c816c1f24d (\"vhost/scsi: potential\nmemory corruption\")."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/function/f_tcm.c"],"versions":[{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24","status":"affected","versionType":"git"},{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"603a83e5fee38a950bfcfb2f36449311fa00a474","status":"affected","versionType":"git"},{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"6f77e344515b5258edb3988188311464209b1c7c","status":"affected","versionType":"git"},{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"6722e080b5b39ab7471386c73d0c1b39572f943c","status":"affected","versionType":"git"},{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"a33f507f36d5881f602dab581ab0f8d22b49762c","status":"affected","versionType":"git"},{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"358d5ba08f1609c34a054aed88c431844d09705a","status":"affected","versionType":"git"},{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"620a5e1e84a3a7004270703a118d33eeb1c0f368","status":"affected","versionType":"git"},{"version":"c52661d60f636d17e26ad834457db333bd1df494","lessThan":"153874010354d050f62f8ae25cbb960c17633dc5","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/function/f_tcm.c"],"versions":[{"version":"3.5","status":"affected"},{"version":"0","lessThan":"3.5","status":"unaffected","versionType":"semver"},{"version":"5.4.296","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.240","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.187","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.143","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.96","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.36","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.5","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.4.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.10.240"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.15.187"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.1.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.6.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.12.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.15.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24"},{"url":"https://git.kernel.org/stable/c/603a83e5fee38a950bfcfb2f36449311fa00a474"},{"url":"https://git.kernel.org/stable/c/6f77e344515b5258edb3988188311464209b1c7c"},{"url":"https://git.kernel.org/stable/c/6722e080b5b39ab7471386c73d0c1b39572f943c"},{"url":"https://git.kernel.org/stable/c/a33f507f36d5881f602dab581ab0f8d22b49762c"},{"url":"https://git.kernel.org/stable/c/358d5ba08f1609c34a054aed88c431844d09705a"},{"url":"https://git.kernel.org/stable/c/620a5e1e84a3a7004270703a118d33eeb1c0f368"},{"url":"https://git.kernel.org/stable/c/153874010354d050f62f8ae25cbb960c17633dc5"}],"title":"usb: potential integer overflow in usbg_make_tpg()","x_generator":{"engine":"bippy-1.2.0"}}}}