cve 2025 68331

CVE-2025-68331 is a Linux kernel vulnerability in the USB Attached SCSI (UAS) driver that can cause a system panic when a UAS device is unplugged while I/O operations are in progress. The issue stems from a race condition in how the UAS driver handles partial URB submissions, leading to an invalid memory access when the kernel attempts to unmap already-freed scatter-gather entries during URB giveback. A patch has been released to fix this by changing the driver's handling of partial URBs, preventing the kernel panic. This vulnerability is relevant to Linux systems using UAS devices, and the fix ensures system stability during device removal.