CVE-2025-68312

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68312
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68312.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68312
Downstream
Related
Published
2025-12-16T15:39:43.174Z
Modified
2026-03-20T12:46:21.486498Z
Summary
usbnet: Prevents free active kevent
Details

In the Linux kernel, the following vulnerability has been resolved:

usbnet: Prevents free active kevent

The root cause of this issue are: 1. When probing the usbnet device, executing usbnetlinkchange(dev, 0, 0); put the kevent work in global workqueue. However, the kevent has not yet been scheduled when the usbnet device is unregistered. Therefore, executing free_netdev() results in the "free active object (kevent)" error reported here.

  1. Another factor is that when calling usbnetdisconnect()->unregisternetdev(), if the usbnet device is up, ndostop() is executed to cancel the kevent. However, because the device is not up, ndostop() is not executed.

The solution to this problem is to cancel the kevent before executing free_netdev().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68312.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8b4588b8b00b299be16a35be67b331d8fdba03f3
Fixed
285d4b953f2ca03c358f986718dd89ee9bde632e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
135199a2edd459d2b123144efcd7f9bcd95128e4
Fixed
88a38b135d69f5db9024ff6527232f1b51be8915
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
635fd8953e4309b54ca6a81bed1d4a87668694f4
Fixed
43005002b60ef3424719ecda16d124714b45da3b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a69e617e533edddf3fa3123149900f36e0a6dc74
Fixed
3a10619fdefd3051aeb14860e4d4335529b4e94d
Fixed
9a579d6a39513069d298eee70770bbac8a148565
Fixed
2ce1de32e05445d77fc056f6ff8339cfb78a5f84
Fixed
5158fb8da162e3982940f30cd01ed77bdf42c6fc
Fixed
420c84c330d1688b8c764479e5738bbdbf0a33de
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d2d6b530d89b0a912148018027386aa049f0a309
Last affected
e2a521a7dcc463c5017b4426ca0804e151faeff7
Last affected
7f77dcbc030c2faa6d8e8a594985eeb34018409e
Last affected
d49bb8cf9bfaa06aa527eb30f1a52a071da2e32f
Last affected
db3b738ae5f726204876f4303c49cfdf4311403f

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68312.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.302
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.247
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.197
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.159
Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.6.117
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.12.58
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.17.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68312.json"