CVE-2025-68799

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68799
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68799.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68799
Downstream
Related
Published
2026-01-13T15:29:09.012Z
Modified
2026-05-15T04:14:12.521406564Z
Summary
caif: fix integer underflow in cffrml_receive()
Details

In the Linux kernel, the following vulnerability has been resolved:

caif: fix integer underflow in cffrml_receive()

The cffrml_receive() function extracts a length field from the packet header and, when FCS is disabled, subtracts 2 from this length without validating that len >= 2.

If an attacker sends a malicious packet with a length field of 0 or 1 to an interface with FCS disabled, the subtraction causes an integer underflow.

This can lead to memory exhaustion and kernel instability, potential information disclosure if padding contains uninitialized kernel memory.

Fix this by validating that len >= 2 before performing the subtraction.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68799.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.35
Fixed
5.10.248
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.198
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.160
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.120
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.64
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68799.json"