CVE-2025-68289
Description
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_eem: Fix memory leak in eem_unwrap
The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks.
Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers.
kmemleak results: unreferenced object 0xffffff895a512300 (size 240): backtrace: slab_post_alloc_hook+0xbc/0x3a4 kmem_cache_alloc+0x1b4/0x358 skb_clone+0x90/0xd8 eem_unwrap+0x1cc/0x36c unreferenced object 0xffffff8a157f4000 (size 256): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 dwc3_gadget_ep_alloc_request+0x58/0x11c usb_ep_alloc_request+0x40/0xe4 eem_unwrap+0x204/0x36c unreferenced object 0xffffff8aadbaac00 (size 128): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc __kmalloc+0x64/0x1a8 eem_unwrap+0x218/0x36c unreferenced object 0xffffff89ccef3500 (size 64): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 eem_unwrap+0x238/0x36c
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's USB Ethernet Emulation Model (EEM) gadget driver occurs when usb_ep_queue fails in the command path, leaving allocated resources unfreed.
Vulnerability
In the bug
In the Linux kernel's USB gadget subsystem, the eem_unwrap function driver (f_eem) implements the Ethernet Emulation Model (EEM) protocol. The eem_unwrap function processes incoming USB requests and, in the command path, allocates several resources: a cloned skb, a USB request via usb_ep_alloc_request, and additional buffers. If the subsequent usb_ep_queue` call fails, the existing code did not free these allocated resources, leading to a memory leak [1][2][3].
Exploitation
This vulnerability is triggered during normal USB gadget operation when a USB request submission fails. No special privileges are required beyond the ability to interact with the USB gadget device; the attacker would be needed to trigger the failure condition. The leak occurs in kernel memory and can be observed via kmemleak, which reported multiple unreferenced objects of sizes 240, 256, 128, and 64 bytes [1].
Impact
An attacker who can cause repeated usb_ep_queue failures in the EEM command path could exhaust kernel memory, leading to a denial-of-service (DoS) condition. The leak is per-leak amount is modest, but sustained exploitation could degrade system stability or availability.
Mitigation
The fix improves error handling by using goto-based cleanup to free all allocated resources on usb_ep_queue failure. The patch has been applied to the stable kernel tree [1][2][3]. Users should update to a kernel version containing the commit to remediate the issue.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdfnvd
- git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7nvd
- git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2nvd
- git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472nvd
- git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889cnvd
- git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9nvd
- git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cfnvd
News mentions
0No linked articles in our index yet.