Device Initialization Flaw in Linux Kernel Affects USB Functionality
CVE-2025-68249

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 16 December 2025

What is CVE-2025-68249?

The vulnerability in the Linux kernel relates to improper handling during USB device initialization. Specifically, in the hdm_probe() function, there is a faulty early error path that can lead to a device core warning. If an error occurs before device initialization, the function may attempt to release resources associated with an uninitialized device structure. This could result in undefined behavior, including potential memory leaks and incorrect resource handling. The issue highlights the importance of ensuring that device structures are fully initialized before any operations are performed on them.
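The ordering problem described above can be modelled in userspace. This is an added example, not the kernel's code or the upstream patch: every toy_* name, the probe_buggy()/probe_fixed() functions and the fail_early parameter are hypothetical, and the warning and leak are simplified stand-ins for the device core's behavior.

```c
/* Userspace model of the ordering bug; all names are hypothetical, not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct toy_device { int initialized; int refcount; };
struct toy_mdev   { struct toy_device dev; };

static int core_warnings;  /* modelled device-core warnings */
static int live_objects;   /* allocations not yet freed */

static void toy_device_initialize(struct toy_device *d)
{
    d->initialized = 1;
    d->refcount = 1;
}

/* Dropping a reference is only meaningful after initialization. */
static void toy_put_device(struct toy_mdev *m)
{
    if (!m->dev.initialized) {   /* refcount was never set up */
        core_warnings++;
        return;                  /* release never runs, so the object leaks */
    }
    if (--m->dev.refcount == 0) { free(m); live_objects--; }
}

/* fail_early simulates an error detected before device initialization. */
static int probe_buggy(int fail_early)
{
    struct toy_mdev *m = calloc(1, sizeof(*m));
    if (!m) return -1;
    live_objects++;
    if (fail_early) { toy_put_device(m); return -1; }  /* wrong cleanup */
    toy_device_initialize(&m->dev);
    toy_put_device(m);           /* immediate teardown, for the demo only */
    return 0;
}

static int probe_fixed(int fail_early)
{
    struct toy_mdev *m = calloc(1, sizeof(*m));
    if (!m) return -1;
    live_objects++;
    if (fail_early) { free(m); live_objects--; return -1; }  /* plain free */
    toy_device_initialize(&m->dev);
    toy_put_device(m);
    return 0;
}

int main(void)
{
    probe_buggy(1);
    printf("buggy early failure: warnings=%d leaked=%d\n", core_warnings, live_objects);
    return 0;
}
```

The general rule the model illustrates: an error path taken before initialization frees the allocation directly, and reference dropping becomes the cleanup method only once the structure has been initialized.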

Affected Version(s)

Linux 97a6f772f36b7f52bcfa56a581bbd2470cffe23d < 3509c748e79435d09e730673c8c100b7f0ebc87c

Linux 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Timeline

  • Vulnerability published

  • Vulnerability Reserved
