CVE-2025-68289 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix memory leak in eem_unwrap The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks. Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers. kmemleak results: unreferenced object 0xffffff895a512300 (size 240): backtrace: slab_post_alloc_hook+0xbc/0x3a4 kmem_cache_alloc+0x1b4/0x358 skb_clone+0x90/0xd8 eem_unwrap+0x1cc/0x36c unreferenced object 0xffffff8a157f4000 (size 256): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 dwc3_gadget_ep_alloc_request+0x58/0x11c usb_ep_alloc_request+0x40/0xe4 eem_unwrap+0x204/0x36c unreferenced object 0xffffff8aadbaac00 (size 128): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc __kmalloc+0x64/0x1a8 eem_unwrap+0x218/0x36c unreferenced object 0xffffff89ccef3500 (size 64): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 eem_unwrap+0x238/0x36c

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf
https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7
https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2
https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472
https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c
https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9
https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf
https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68289-1efe@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-68289
https://www.cve.org/CVERecord?id=CVE-2025-68289

History

Wed, 17 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68289-1efe@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-68289 https://www.cve.org/CVERecord?id=CVE-2025-68289

Tue, 16 Dec 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix memory leak in eem_unwrap The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks. Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers. kmemleak results: unreferenced object 0xffffff895a512300 (size 240): backtrace: slab_post_alloc_hook+0xbc/0x3a4 kmem_cache_alloc+0x1b4/0x358 skb_clone+0x90/0xd8 eem_unwrap+0x1cc/0x36c unreferenced object 0xffffff8a157f4000 (size 256): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 dwc3_gadget_ep_alloc_request+0x58/0x11c usb_ep_alloc_request+0x40/0xe4 eem_unwrap+0x204/0x36c unreferenced object 0xffffff8aadbaac00 (size 128): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc __kmalloc+0x64/0x1a8 eem_unwrap+0x218/0x36c unreferenced object 0xffffff89ccef3500 (size 64): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 eem_unwrap+0x238/0x36c
Title		usb: gadget: f_eem: Fix memory leak in eem_unwrap
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7 https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2 https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472 https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9 https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T15:06:10.450Z

Updated: 2025-12-16T15:06:10.450Z

Reserved: 2025-12-16T14:48:05.292Z

Link: CVE-2025-68289

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-16T16:16:07.747

Modified: 2025-12-16T16:16:07.747

Link: CVE-2025-68289

Redhat

Severity :

Publid Date: 2025-12-16T00:00:00Z

Links: CVE-2025-68289 - Bugzilla

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object