DEBIAN-CVE-2025-68308
In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: leaf: Fix potential infinite loop in command parsers The `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback` functions contain logic to zero-length commands. These commands are used to align data to the USB endpoint's wMaxPacketSize boundary. The driver attempts to skip these placeholders by aligning the buffer position `pos` to the next packet boundary using `round_up()` function. However, if zero-length command is found exactly on a packet boundary (i.e., `pos` is a multiple of wMaxPacketSize, including 0), `round_up` function will return the unchanged value of `pos`. This prevents `pos` to be increased, causing an infinite loop in the parsing logic. This patch fixes this in the function by using `pos + 1` instead. This ensures that even if `pos` is on a boundary, the calculation is based on `pos + 1`, forcing `round_up()` to always return the next aligned boundary.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | *, 6.12.48-1, * |
| Debian:11 | linux | 5.10.221-1, 5.10.218-1, 5.10.216-1 |
| Debian:11 | linux-6.1 | 0, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2 |
| Debian:12 | linux | 6.1.133-1, 0, 6.1.106-2 |
| Debian:14 | linux | 0, *, 6.17.7-2 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Dec 16, 2025 CVE Published
- Apr 28, 2026 CVE Updated