Vulnerability DatabaseCVE-2025-68289

CVE-2025-68289:
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_eem: Fix memory leak in eem_unwrap

The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks.

Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers.

kmemleak results: unreferenced object 0xffffff895a512300 (size 240): backtrace: slab_post_alloc_hook+0xbc/0x3a4 kmem_cache_alloc+0x1b4/0x358 skb_clone+0x90/0xd8 eem_unwrap+0x1cc/0x36c unreferenced object 0xffffff8a157f4000 (size 256): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 dwc3_gadget_ep_alloc_request+0x58/0x11c usb_ep_alloc_request+0x40/0xe4 eem_unwrap+0x204/0x36c unreferenced object 0xffffff8aadbaac00 (size 128): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc __kmalloc+0x64/0x1a8 eem_unwrap+0x218/0x36c unreferenced object 0xffffff89ccef3500 (size 64): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 eem_unwrap+0x238/0x36c

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

Published December 16, 2025

CNA Score N/A

Affected Technologies

Linux Debian
Linux Ubuntu

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 19.2

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

linux-azure-4.15
linux-azure-6.14

Sources

NVD
Debian Security Tracker
- Debian 11, 12, 13, 14 Has FixAdded at: Dec 17, 2025
Echo
- Echo Has FixAdded at: Dec 17, 2025
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUMNo FixAdded at: Dec 18, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-23745	HIGH	8.2	JavaScript	tar	No	Yes	Jan 16, 2026
CVE-2026-23535	HIGH	8	Python	wlc	No	Yes	Jan 16, 2026
CVE-2026-23490	HIGH	7.5	Python	pyasn1	No	Yes	Jan 16, 2026
CVE-2026-23643	MEDIUM	5.4	CakePHP	cakephp	No	Yes	Jan 16, 2026
CVE-2025-61873	LOW	2.6	Linux Debian	request-tracker4	No	Yes	Jan 16, 2026