Bug 2422838 (CVE-2025-68307)

Summary: CVE-2025-68307 kernel: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A resource leak was found in the gs_usb CAN driver in the Linux kernel. When USB bulk URB transmission fails, the driver does not perform proper cleanup, leaving URBs in an allocated state. Repeated failures progressively reduce available URBs until transmission stops completely.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-16 16:05:30 UTC 
In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs

The driver lacks the cleanup of failed transfers of URBs. This reduces the
number of available URBs per error by 1. This leads to reduced performance
and ultimately to a complete stop of the transmission.

If the sending of a bulk URB fails do proper cleanup:
- increase netdev stats
- mark the echo_sbk as free
- free the driver's context and do accounting
- wake the send queue
Comment 1 Alexander B 2025-12-16 17:21:07 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-68307-5e9b@gregkh/T