fkie_nvd - fkie_cve-2025-68289

fkie_cve-2025-68289

Vulnerability from fkie_nvd

Published

2025-12-16 16:16

Modified

2025-12-18 15:08

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix memory leak in eem_unwrap The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks. Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers. kmemleak results: unreferenced object 0xffffff895a512300 (size 240): backtrace: slab_post_alloc_hook+0xbc/0x3a4 kmem_cache_alloc+0x1b4/0x358 skb_clone+0x90/0xd8 eem_unwrap+0x1cc/0x36c unreferenced object 0xffffff8a157f4000 (size 256): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 dwc3_gadget_ep_alloc_request+0x58/0x11c usb_ep_alloc_request+0x40/0xe4 eem_unwrap+0x204/0x36c unreferenced object 0xffffff8aadbaac00 (size 128): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc __kmalloc+0x64/0x1a8 eem_unwrap+0x218/0x36c unreferenced object 0xffffff89ccef3500 (size 64): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 eem_unwrap+0x238/0x36c

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_eem: Fix memory leak in eem_unwrap\n\nThe existing code did not handle the failure case of usb_ep_queue in the\ncommand path, potentially leading to memory leaks.\n\nImprove error handling to free all allocated resources on usb_ep_queue\nfailure. This patch continues to use goto logic for error handling, as the\nexisting error handling is complex and not easily adaptable to auto-cleanup\nhelpers.\n\nkmemleak results:\n  unreferenced object 0xffffff895a512300 (size 240):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      kmem_cache_alloc+0x1b4/0x358\n      skb_clone+0x90/0xd8\n      eem_unwrap+0x1cc/0x36c\n  unreferenced object 0xffffff8a157f4000 (size 256):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      __kmem_cache_alloc_node+0x1b4/0x2dc\n      kmalloc_trace+0x48/0x140\n      dwc3_gadget_ep_alloc_request+0x58/0x11c\n      usb_ep_alloc_request+0x40/0xe4\n      eem_unwrap+0x204/0x36c\n  unreferenced object 0xffffff8aadbaac00 (size 128):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      __kmem_cache_alloc_node+0x1b4/0x2dc\n      __kmalloc+0x64/0x1a8\n      eem_unwrap+0x218/0x36c\n  unreferenced object 0xffffff89ccef3500 (size 64):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      __kmem_cache_alloc_node+0x1b4/0x2dc\n      kmalloc_trace+0x48/0x140\n      eem_unwrap+0x238/0x36c"
    }
  ],
  "id": "CVE-2025-68289",
  "lastModified": "2025-12-18T15:08:06.237",
  "metrics": {},
  "published": "2025-12-16T16:16:07.747",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-68289 (GCVE-0-2025-68289)

Vulnerability from cvelistv5

Published

2025-12-16 15:06

Modified

2025-12-16 15:06

Severity ?

Summary

References

URL

Tags

	https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c
	https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472
	https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf
	https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2
	https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf
	https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7
	https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9

Impacted products

Vendor

Product

Version

Linux

Version: 3b545788505b2e2883aff13bdddeacaf88942a4f
Version: 4249d6fbc10fd997abdf8a1ea49c0389a0edf706
Version: 4249d6fbc10fd997abdf8a1ea49c0389a0edf706
Version: 4249d6fbc10fd997abdf8a1ea49c0389a0edf706
Version: 4249d6fbc10fd997abdf8a1ea49c0389a0edf706
Version: 4249d6fbc10fd997abdf8a1ea49c0389a0edf706
Version: 4249d6fbc10fd997abdf8a1ea49c0389a0edf706
Version: d55a236f1bab102e353ea5abb7b7b6ff7e847294
Version: 8e275d3d5915a8f7db3786e3f84534bb48245f4c
Version: 3680a6ff9a9ccd3c664663da04bef2534397d591
Version: d654be97e1b679616e3337b871a9ec8f31a88841
Version: 8bdef7f21cb6e53c0ce3e1cbcb05975aa0dd0fe9
Version: 77d7f071883cf2921a7547f82e41f15f7f860e35
Version: a55093941e38113dd6f5f5d5d2705fec3018f332

Linux

Version: 5.14

Show details on NVD website