SB2025121651 - Memory leak in Linux kernel gadget function driver
Published: December 16, 2025
Security Bulletin ID
SB2025121651
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-68289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_unwrap() function in drivers/usb/gadget/function/f_eem.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf
- https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7
- https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2
- https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472
- https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c
- https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9
- https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf