Use-After-Free Vulnerability in Linux Kernel USB Type-C Driver by Vendor Linux
CVE-2025-68323
Currently unrated
What is CVE-2025-68323?
A use-after-free vulnerability in the Linux kernel USB Type-C driver arises when the driver's control structures are not properly managed during removal, which can allow access to freed memory. A delayed work item scheduled in the probe function is not canceled, so it can still run and access structures that have already been freed. The race window is up to 3 seconds, which makes the condition reproducible. Affected components can operate on already-deallocated memory, posing significant risks to system stability and security.
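The lifetime problem described above can be shown with a deterministic userspace model. This is an added example, not the kernel driver's code: every name is hypothetical, the 3000 ms delay is assumed from the window stated above, and "freeing" is modelled with a flag so the stale access can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the driver's control structure. */
struct ctrl {
    bool freed;         /* models the structure being freed on removal */
    bool work_pending;  /* models a queued delayed work item */
    long work_due_ms;   /* virtual time at which the handler runs */
};

static long now_ms;     /* virtual clock */
static int stale_runs;  /* handler runs that touched a freed structure */

static void probe(struct ctrl *c, long delay_ms)
{
    c->freed = false;
    c->work_pending = true;            /* probe schedules the delayed work */
    c->work_due_ms = now_ms + delay_ms;
}

static void remove_dev(struct ctrl *c, bool cancel_first)
{
    if (cancel_first)
        c->work_pending = false;       /* cancel before teardown */
    c->freed = true;
}

static void advance_clock(struct ctrl *c, long ms)
{
    now_ms += ms;
    if (c->work_pending && now_ms >= c->work_due_ms) {
        c->work_pending = false;
        if (c->freed)
            stale_runs++;              /* in the kernel: use-after-free */
    }
}

/* Returns how many times the handler ran against a freed structure. */
int run_scenario(long remove_at_ms, bool cancel_first)
{
    struct ctrl c;
    now_ms = 0;
    stale_runs = 0;
    probe(&c, 3000);                   /* assumed delay, see lead-in */
    advance_clock(&c, remove_at_ms);
    remove_dev(&c, cancel_first);
    advance_clock(&c, 5000);
    return stale_runs;
}

int main(void)
{
    printf("%d %d\n", run_scenario(1000, false), run_scenario(1000, true));
    return 0;
}
```

Removal inside the delay window without cancellation yields one stale handler run; cancelling first, or removing after the work has already fired, yields none.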
Affected Version(s)
Linux 00327d7f2c8c512c9b168daae02c8b989f79ec71
Linux 00327d7f2c8c512c9b168daae02c8b989f79ec71 < 2b7a0f47aaf2439d517ba0a6b29c66a535302154