AZL-72989

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72989.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-72989

Upstream

CVE-2025-68342

Published

2025-12-23T14:16:40Z

Modified

2026-04-01T05:22:14.253729Z

Summary

CVE-2025-68342 affecting package kernel for versions less than 6.6.119.3-1

Details

In the Linux kernel, the following vulnerability has been resolved:

can: gsusb: gsusbreceivebulkcallback(): check actuallength before accessing data

The URB received in gsusbreceivebulkcallback() contains a struct gshostframe. The length of the data after the header depends on the gshostframe hf::flags and the active device features (e.g. time stamping).

Introduce a new function gsusbgetminimumlength() and check that we have at least received the required amount of data before accessing it. Only copy the data to that skb that has actually been received.

[mkl: rename gsusbgetminimumlength() -> +gsusbgetminimumrx_length()]

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68342

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.119.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72989.json"