Infinite Loop Vulnerability in Linux Kernel Kvaser USB Driver
CVE-2025-68308

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 December 2025

What is CVE-2025-68308?

A logic error in the Kvaser USB driver within the Linux kernel can lead to an infinite loop during command parsing. The functions that handle zero-length commands fail when aligning the buffer position to the boundary of the USB endpoint's maximum packet size. Specifically, if a zero-length command is located precisely at a packet boundary, the position is already aligned, so the alignment step leaves it unchanged; the buffer position does not advance, and the driver enters an infinite loop. This issue has been addressed through a patch that modifies the calculation to ensure that the buffer position is always updated, preventing potential parsing failures.
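The stall described above can be reproduced in a small user-space model. This is an added example, not the kernel driver's code: the one-byte length header, the 64-byte packet size, the function names and the `pos + 1` form of the corrected calculation are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PKT 64u /* assumed bulk-in max packet size (power of two) */

static size_t round_up_to(size_t x, size_t a) { return (x + a - 1) & ~(a - 1); }

/* Simplified model (hypothetical layout): byte 0 of each command is its
 * total length; 0 means "skip to the start of the next USB packet".
 * Returns commands parsed, or -1 when the position fails to advance. */
static int parse(const uint8_t *buf, size_t len, int fixed)
{
    size_t pos = 0;
    int cmds = 0;
    while (pos < len) {
        size_t prev = pos;
        uint8_t cmd_len = buf[pos];
        if (cmd_len == 0) {
            /* fixed: +1 forces progress even when pos is already aligned */
            pos = round_up_to(fixed ? pos + 1 : pos, MAX_PKT);
        } else if (pos + cmd_len > len) {
            break; /* truncated command */
        } else {
            cmds++;
            pos += cmd_len;
        }
        if (pos == prev)
            return -1; /* an unguarded loop would spin here forever */
    }
    return cmds;
}

/* Constructed input: two 32-byte commands fill packet 0 exactly, so the
 * zero-length command sits at offset 64, on the packet boundary. */
static int boundary_case(int fixed)
{
    uint8_t buf[128] = {0};
    buf[0] = 32; buf[32] = 32;
    return parse(buf, sizeof(buf), fixed);
}

/* Constructed input: zero-length commands at offsets 32 and 80, mid-packet. */
static int midpacket_case(int fixed)
{
    uint8_t buf[128] = {0};
    buf[0] = 32; buf[64] = 16;
    return parse(buf, sizeof(buf), fixed);
}

int main(void)
{
    printf("boundary old=%d fixed=%d, mid-packet old=%d fixed=%d\n",
           boundary_case(0), boundary_case(1), midpacket_case(0), midpacket_case(1));
    return 0;
}
```

The mid-packet input parses identically with both calculations, which is why the defect only shows up when the zero-length command lands exactly on a packet boundary.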

Affected Version(s)

Linux 7259124eac7d1b76b41c7a9cb2511a30556deebe < 58343e0a4d43699f0e2f5b169384bbe4c0217add

Linux 7259124eac7d1b76b41c7a9cb2511a30556deebe < 69c7825df64e24dc15d31631a1fc9145324b1345

Linux 7259124eac7d1b76b41c7a9cb2511a30556deebe < 028e89c7e8b4346302e88df01cc50e0a1f05791a

Timeline

  • Vulnerability published

  • Vulnerability Reserved
