lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025121639-CVE-2025-68289-1efe@gregkh>
Date: Tue, 16 Dec 2025 16:06:43 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68289: usb: gadget: f_eem: Fix memory leak in eem_unwrap

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_eem: Fix memory leak in eem_unwrap

The existing code did not handle the failure case of usb_ep_queue in the
command path, potentially leading to memory leaks.

Improve error handling to free all allocated resources on usb_ep_queue
failure. This patch continues to use goto logic for error handling, as the
existing error handling is complex and not easily adaptable to auto-cleanup
helpers.

kmemleak results:
  unreferenced object 0xffffff895a512300 (size 240):
    backtrace:
      slab_post_alloc_hook+0xbc/0x3a4
      kmem_cache_alloc+0x1b4/0x358
      skb_clone+0x90/0xd8
      eem_unwrap+0x1cc/0x36c
  unreferenced object 0xffffff8a157f4000 (size 256):
    backtrace:
      slab_post_alloc_hook+0xbc/0x3a4
      __kmem_cache_alloc_node+0x1b4/0x2dc
      kmalloc_trace+0x48/0x140
      dwc3_gadget_ep_alloc_request+0x58/0x11c
      usb_ep_alloc_request+0x40/0xe4
      eem_unwrap+0x204/0x36c
  unreferenced object 0xffffff8aadbaac00 (size 128):
    backtrace:
      slab_post_alloc_hook+0xbc/0x3a4
      __kmem_cache_alloc_node+0x1b4/0x2dc
      __kmalloc+0x64/0x1a8
      eem_unwrap+0x218/0x36c
  unreferenced object 0xffffff89ccef3500 (size 64):
    backtrace:
      slab_post_alloc_hook+0xbc/0x3a4
      __kmem_cache_alloc_node+0x1b4/0x2dc
      kmalloc_trace+0x48/0x140
      eem_unwrap+0x238/0x36c

The Linux kernel CVE team has assigned CVE-2025-68289 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.10.50 with commit 3b545788505b2e2883aff13bdddeacaf88942a4f and fixed in 5.10.247 with commit a9985a88b2fc29fbe1657fe8518908e261d6889c
	Issue introduced in 5.14 with commit 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 and fixed in 5.15.197 with commit 5a1628283cd9dccf1e44acfb74e77504f4dc7472
	Issue introduced in 5.14 with commit 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 and fixed in 6.1.159 with commit 0ac07e476944a5e4c2b8b087dd167dec248c1bdf
	Issue introduced in 5.14 with commit 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 and fixed in 6.6.119 with commit 41434488ca714ab15cb2a4d0378418d1be8052d2
	Issue introduced in 5.14 with commit 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 and fixed in 6.12.61 with commit e72c963177c708a167a7e17ed6c76320815157cf
	Issue introduced in 5.14 with commit 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 and fixed in 6.17.11 with commit 0dea2e0069a7e9aa034696f8065945b7be6dd6b7
	Issue introduced in 5.14 with commit 4249d6fbc10fd997abdf8a1ea49c0389a0edf706 and fixed in 6.18 with commit e4f5ce990818d37930cd9fb0be29eee0553c59d9
	Issue introduced in 4.4.276 with commit d55a236f1bab102e353ea5abb7b7b6ff7e847294
	Issue introduced in 4.9.276 with commit 8e275d3d5915a8f7db3786e3f84534bb48245f4c
	Issue introduced in 4.14.240 with commit 3680a6ff9a9ccd3c664663da04bef2534397d591
	Issue introduced in 4.19.198 with commit d654be97e1b679616e3337b871a9ec8f31a88841
	Issue introduced in 5.4.132 with commit 8bdef7f21cb6e53c0ce3e1cbcb05975aa0dd0fe9
	Issue introduced in 5.12.17 with commit 77d7f071883cf2921a7547f82e41f15f7f860e35
	Issue introduced in 5.13.2 with commit a55093941e38113dd6f5f5d5d2705fec3018f332

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-68289
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/usb/gadget/function/f_eem.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c
	https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472
	https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf
	https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2
	https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf
	https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7
	https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ