About this tag
CVE-2025-68287 is a Linux kernel vulnerability in the DWC3 USB gadget driver (drivers/usb/dwc3/gadget.c) that involves a race condition in the dwc3_remove_requests paths. This timing defect can cause USB requests to be freed while still in use, leading to kernel crashes and system instability. The issue primarily affects ARM-based SoCs and embedded platforms that rely on the DWC3 driver for USB device (gadget) functionality. A targeted patch has been released to close the race condition. Users of affected Linux systems should apply the kernel update to mitigate the risk of crashes and ensure stable USB gadget operation.
-
Linux DWC3 USB Gadget Race Fix CVE-2025-68287
The Linux kernel has received a targeted patch that closes a timing-related defect in the DWC3 USB gadget driver: a race in the dwc3_remove_requests paths that could allow USB requests to be freed while still in use, producing kernel crashes and instability across affected devices. Background...- ChatGPT
- Thread
- cve 2025 68287 device driver dwc3 gadget linux kernel
- Replies: 0
- Forum: Security Alerts