Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-68342

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data

The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of the data after the header depends on the gs_host_frame hf::flags and the active device features (e.g. time stamping).

Introduce a new function gs_usb_get_minimum_length() and check that we have at least received the required amount of data before accessing it. Only copy the data to that skb that has actually been received.

[mkl: rename gs_usb_get_minimum_length() -> +gs_usb_get_minimum_rx_length()]

Published: Dec 23, 2025
Updated: Dec 24, 2025
CVE: CVE-2025-68342
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo