CVE-2025-68342

Vulnerability

Overview

CVE-2025-68342 is a flaw in the Linux kernel's gs_usb CAN driver. In the function gs_usb_receive_bulk_callback(), the driver processes USB receive callback, the code did not verify that the received URB contained enough data before accessing the gs_host_frame structure and its payload. The required length depends on flags and device features such as hardware timestamping. An attacker able to send a crafted USB packet to a system using this driver could trigger an out-of-bounds read or write.

Exploitation

Exploitation requires physical or logical access to the USB bus to send a malformed URB to the gs_usb device. No authentication is needed beyond the ability to communicate with the USB device. The driver now includes a new helper function gs_usb_get_minimum_rx_length() to compute the minimum expected length and rejects any URB that falls short, preventing access to uninitialized or out-of-bounds memory [1][2].

Impact

A successful exploit could allow an attacker to read sensitive kernel memory or corrupt kernel data structures, potentially leading to a denial of service (system crash) or, in some cases, privilege escalation. The vulnerability is in the CAN subsystem, which is often used in automotive and industrial environments, making it a target for local or adjacent attackers.

Mitigation

The fix has been applied to the Linux kernel stable tree via commits [1], [2], [3], and [4]. Users should update to a kernel version containing these patches. No workaround is available other than disabling the gs_usb driver if it is not needed.