CVE-2025-68750

medium

Description

In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and adjusted the relevant code accordingly. This patch is similar to commit 59c816c1f24d ("vhost/scsi: potential memory corruption").

References

https://git.kernel.org/stable/c/a33f507f36d5881f602dab581ab0f8d22b49762c

https://git.kernel.org/stable/c/6f77e344515b5258edb3988188311464209b1c7c

https://git.kernel.org/stable/c/6722e080b5b39ab7471386c73d0c1b39572f943c

https://git.kernel.org/stable/c/620a5e1e84a3a7004270703a118d33eeb1c0f368

https://git.kernel.org/stable/c/603a83e5fee38a950bfcfb2f36449311fa00a474

https://git.kernel.org/stable/c/358d5ba08f1609c34a054aed88c431844d09705a

https://git.kernel.org/stable/c/153874010354d050f62f8ae25cbb960c17633dc5

https://git.kernel.org/stable/c/0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24

Details

Source: Mitre, NVD

Published: 2025-12-24

Updated: 2025-12-29

Risk Information

CVSS v2

Base Score: 5.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C

Severity: Medium

CVSS v3

Base Score: 6.6

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Severity: Medium

EPSS

EPSS: 0.00024