CVE-2025-68288
- Source
- https://cve.org/CVERecord?id=CVE-2025-68288
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68288.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-68288
- Downstream
- Related
- Published
- 2025-12-16T15:06:09.654Z
- Modified
- 2026-03-09T23:51:44.800220Z
- Summary
- usb: storage: Fix memory leak in USB bulk transport
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: storage: Fix memory leak in USB bulk transport
A kernel memory leak was identified by the 'ioctl_sg01' test from Linux Test Project (LTP). The following bytes were mainly observed: 0x53425355.
When USB storage devices incorrectly skip the data phase with status data, the code extracts/validates the CSW from the sg buffer, but fails to clear it afterwards. This leaves status protocol data in srb's transfer buffer, such as the USBULKCS_SIGN 'USBS' signature observed here. Thus, this can lead to USB protocols leaks to user space through SCSI generic (/dev/sg*) interfaces, such as the one seen here when the LTP test requested 512 KiB.
Fix the leak by zeroing the CSW data in srb's transfer buffer immediately after the validation of devices that skip data phase.
Note: Differently from CVE-2018-1000204, which fixed a big leak by zero- ing pages at allocation time, this leak occurs after allocation, when USB protocol data is written to already-allocated sg pages.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68288.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0f18eac44c5668204bf6eebb01ddb369ac56932b
- https://git.kernel.org/stable/c/41e99fe2005182139b1058db71f0d241f8f0078c
- https://git.kernel.org/stable/c/467fec3cefbeb9e3ea80f457da9a5666a71ca0d0
- https://git.kernel.org/stable/c/4ba515dfff7eeca369ab85cdbb3f3b231c71720c
- https://git.kernel.org/stable/c/5b815ddb3f5560fac35b16de3a2a22d5f81c5993
- https://git.kernel.org/stable/c/83f0241959831586d9b6d47f6bd5d3dec8f43bf0
- https://git.kernel.org/stable/c/cb1401b5bcc2feb5b038fc4b512e5968b016e05e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68288.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68288
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda45b599ad808c3c982fdcdc12b0b8611c2f92824Fixed83f0241959831586d9b6d47f6bd5d3dec8f43bf0Fixed4ba515dfff7eeca369ab85cdbb3f3b231c71720cFixed467fec3cefbeb9e3ea80f457da9a5666a71ca0d0Fixedcb1401b5bcc2feb5b038fc4b512e5968b016e05eFixed0f18eac44c5668204bf6eebb01ddb369ac56932bFixed5b815ddb3f5560fac35b16de3a2a22d5f81c5993Fixed41e99fe2005182139b1058db71f0d241f8f0078c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected582802e7c617cfb07cc15f280c128e6decbc57b8Last affected58b7ce6f9ef2367f86384b20458642945993b816Last affected93314640426ddb6af618d0802e622f6fa771792cLast affectedad2518320bc440ed3db072e2444a1bb226a9cf7aLast affectedd827bea2d18c07ba514f7d48cde49f90da9a1384Last affected39169410574503c6e901de1aa6eac5108475e017
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.17.0Fixed5.10.247
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.197
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.159
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.119
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.61
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.11