Linux Kernel Vulnerability in MOST Subsystem Affects USB Drivers
CVE-2025-68290

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-68290?

A notable vulnerability exists within the Linux kernel's MOST subsystem, which can lead to multiple security issues in USB drivers. This vulnerability arises from a non-standard registration function that mishandles interface memory during registration failures and deregistration processes. Recent modifications have exacerbated the situation, resulting in double free and use-after-free scenarios, especially during late probe failures. These memory management flaws could potentially allow attackers to exploit the affected drivers, leading to system instability or unauthorized access.

Affected Version(s)

Linux 723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < 90e6ce2b1b19fb8b9d4afee69f40e4c6a4791154

Linux 723de0f9171eeb49a3ae98cae82ebbbb992b3a7c

Linux 723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < 0dece48660be16918ecf2dbdc7193e8be03e1693

References

https://git.kernel.org/stable/c/90e6ce2b1b19fb8b9d4afee69...

https://git.kernel.org/stable/c/a4c4118c2af284835b16431bb...

https://git.kernel.org/stable/c/0dece48660be16918ecf2dbdc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 16, 2025

JSON