Memory Leak Vulnerability in Linux Kernel USB Gadget Functionality
CVE-2025-68289
What is CVE-2025-68289?
The Linux kernel's USB gadget functionality contains a memory leak in the 'eem_unwrap' function. The original implementation lacked proper error handling for the 'usb_ep_queue' call, so a failure there could leak memory during operation. The patch addresses this by ensuring that all allocated resources are freed when a failure occurs. It keeps the existing goto-based error handling because of the complexity of the surrounding code.
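The class of bug described above, as an added user-space example that is not the kernel's code or the actual patch: a queue call whose return value is ignored strands everything allocated for the request, while goto-based unwinding releases it. All names here (mock_req, mock_ep_queue, respond_leaky, respond_fixed, leaked_on_failure) and the three allocations per request are constructed assumptions.

```c
#include <stdlib.h>
/* Constructed user-space stand-ins; none of these names are kernel APIs. */
static int live_allocs, queue_should_fail; /* outstanding allocs; force queue error */
struct mock_req { void *buf, *context; };

static void *t_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void t_free(void *p) { if (p) { live_allocs--; free(p); } }

/* On success the mock endpoint owns the request and releases it on completion. */
static int mock_ep_queue(struct mock_req *req)
{
    if (queue_should_fail) return -1;
    t_free(req->context); t_free(req->buf); t_free(req);
    return 0;
}

/* Before: the queue result is ignored, so a failure strands all allocations. */
int respond_leaky(void)
{
    struct mock_req *req = t_alloc(sizeof(*req));
    if (!req) return -1;
    req->buf = t_alloc(64);
    req->context = t_alloc(64);
    mock_ep_queue(req);
    return 0;
}

/* After: each failure jumps to the label that unwinds what exists so far. */
int respond_fixed(void)
{
    int ret = -1;
    struct mock_req *req = t_alloc(sizeof(*req));
    if (!req) return ret;
    if (!(req->buf = t_alloc(64))) goto free_req;
    if (!(req->context = t_alloc(64))) goto free_buf;
    if ((ret = mock_ep_queue(req)) == 0) return 0;
    t_free(req->context);
free_buf:
    t_free(req->buf);
free_req:
    t_free(req);
    return ret;
}

/* Returns how many allocations fn leaves behind when queuing fails. */
int leaked_on_failure(int (*fn)(void))
{
    live_allocs = 0; queue_should_fail = 1;
    fn();
    return live_allocs;
}
```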
Affected Version(s)
Linux 3b545788505b2e2883aff13bdddeacaf88942a4f
Linux 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 < 5a1628283cd9dccf1e44acfb74e77504f4dc7472
Linux 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 < 0ac07e476944a5e4c2b8b087dd167dec248c1bdf