#VU120008 Memory leak in Linux kernel - CVE-2025-68289
Published: December 16, 2025
Vulnerability identifier: #VU120008
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-68289
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the eem_unwrap() function in drivers/usb/gadget/function/f_eem.c. A local user can use it to perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf
- https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7
- https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2
- https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472
- https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c
- https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9
- https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf