CVE-2025-68750
usb: potential integer overflow in usbg_make_tpg()
Description
In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and adjusted the relevant code accordingly. This patch is similar to commit 59c816c1f24d ("vhost/scsi: potential memory corruption").
INFO
Published Date :
Dec. 24, 2025, 4:15 p.m.
Last Modified :
Dec. 24, 2025, 4:15 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Update the Linux kernel.
- Apply the provided patch.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-68750.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-68750 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-68750
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-68750 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-68750 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 24, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and adjusted the relevant code accordingly. This patch is similar to commit 59c816c1f24d ("vhost/scsi: potential memory corruption"). Added Reference https://git.kernel.org/stable/c/0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24 Added Reference https://git.kernel.org/stable/c/153874010354d050f62f8ae25cbb960c17633dc5 Added Reference https://git.kernel.org/stable/c/358d5ba08f1609c34a054aed88c431844d09705a Added Reference https://git.kernel.org/stable/c/603a83e5fee38a950bfcfb2f36449311fa00a474 Added Reference https://git.kernel.org/stable/c/620a5e1e84a3a7004270703a118d33eeb1c0f368 Added Reference https://git.kernel.org/stable/c/6722e080b5b39ab7471386c73d0c1b39572f943c Added Reference https://git.kernel.org/stable/c/6f77e344515b5258edb3988188311464209b1c7c Added Reference https://git.kernel.org/stable/c/a33f507f36d5881f602dab581ab0f8d22b49762c