Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-68308
CVE-2025-68308:
Linux Kernel vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
The kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback
functions contain logic to zero-length commands. These commands are used
to align data to the USB endpoint's wMaxPacketSize boundary.
The driver attempts to skip these placeholders by aligning the buffer
position pos to the next packet boundary using round_up() function.
However, if zero-length command is found exactly on a packet boundary
(i.e., pos is a multiple of wMaxPacketSize, including 0), round_up
function will return the unchanged value of pos. This prevents pos
to be increased, causing an infinite loop in the parsing logic.
This patch fixes this in the function by using pos + 1 instead.
This ensures that even if pos is on a boundary, the calculation is
based on pos + 1, forcing round_up() to always return the next
aligned boundary.
Source: NVD
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management