2422794 – (CVE-2025-68312) CVE-2025-68312 kernel: usbnet: Prevents free active kevent

Bug 2422794 (CVE-2025-68312) - CVE-2025-68312 kernel: usbnet: Prevents free active kevent

Summary: CVE-2025-68312 kernel: usbnet: Prevents free active kevent

Keywords:
Status:	NEW
Alias:	CVE-2025-68312
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-16 16:01 UTC by OSIDB Bzimport
Modified:	2025-12-19 05:20 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-16 16:01:54 UTC

In the Linux kernel, the following vulnerability has been resolved:

usbnet: Prevents free active kevent

The root cause of this issue are:
1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0);
put the kevent work in global workqueue. However, the kevent has not yet
been scheduled when the usbnet device is unregistered. Therefore, executing
free_netdev() results in the "free active object (kevent)" error reported
here.

2. Another factor is that when calling usbnet_disconnect()->unregister_netdev(),
if the usbnet device is up, ndo_stop() is executed to cancel the kevent.
However, because the device is not up, ndo_stop() is not executed.

The solution to this problem is to cancel the kevent before executing
free_netdev().

Comment 1 Alexander B 2025-12-16 20:01:19 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025121654-CVE-2025-68312-63bb@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.