Integer Overflow Vulnerability in Linux Kernel Affects USB Functionality
CVE-2025-68750
What is CVE-2025-68750?
The Linux kernel function usbg_make_tpg() contains an integer overflow that could be exploited by providing an excessively large value for the tpgt variable. tpgt is defined as unsigned long but is assigned to tpgt->tport_tpgt, which is defined as u16. Because of this type mismatch, the assignment can overflow when tpgt exceeds the USHRT_MAX limit of 65535. A patch changes the type of tpgt to match tpgt->tport_tpgt, which removes the mismatch and improves the security and stability of the kernel's USB functionality.
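The narrowing described above, modeled in user-space C as an added example (it is not the kernel's code or the actual patch): struct tpg_model, parse_ulong and the two set_tpgt_* functions are hypothetical names, and the inputs are constructed. The hardened variant uses an explicit range check, whereas the patch described above changes the variable's type.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the object that holds the u16 tport_tpgt field. */
struct tpg_model { uint16_t tport_tpgt; };

/* Parse a decimal string into unsigned long; -EINVAL on malformed input. */
static int parse_ulong(const char *s, unsigned long *out)
{
    char *end;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno || end == s || *end != '\0') ? -EINVAL : 0;
}

/* Pre-patch pattern: an unsigned long is narrowed to u16 on assignment. */
static int set_tpgt_unchecked(struct tpg_model *tpg, const char *s)
{
    unsigned long tpgt;
    if (parse_ulong(s, &tpgt))
        return -EINVAL;
    tpg->tport_tpgt = (uint16_t)tpgt;  /* only the low 16 bits survive */
    return 0;
}

/* Hardened pattern: refuse values that do not fit in u16 before storing. */
static int set_tpgt_checked(struct tpg_model *tpg, const char *s)
{
    unsigned long tpgt;
    if (parse_ulong(s, &tpgt))
        return -EINVAL;
    if (tpgt > USHRT_MAX)
        return -ERANGE;
    tpg->tport_tpgt = (uint16_t)tpgt;
    return 0;
}

int main(void)
{
    struct tpg_model a = {0}, b = {0};
    int ra = set_tpgt_unchecked(&a, "65537");  /* constructed: USHRT_MAX + 2 */
    int rb = set_tpgt_checked(&b, "65537");
    printf("unchecked: ret=%d tport_tpgt=%u\n", ra, (unsigned)a.tport_tpgt);
    printf("checked:   ret=%d tport_tpgt=%u\n", rb, (unsigned)b.tport_tpgt);
    return 0;
}
```

In the unchecked variant 65537 is stored as 1 and 65536 as 0, so a caller that asked for a large value ends up with a small one and no error to signal it.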
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 603a83e5fee38a950bfcfb2f36449311fa00a474
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6f77e344515b5258edb3988188311464209b1c7c