A subtle but consequential flaw in the Linux kernel’s GS_USB CAN driver has been assigned CVE-2025-68343 after maintainers fixed a missing length check in the gs_usb_receive_bulk_callback handler. The bug allowed the driver to assume a full header was present in an incoming USB bulk transfer...
