CVE-2025-68289 in Linuxinfo

Summary

by MITRE • 12/16/2025

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_eem: Fix memory leak in eem_unwrap

The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks.

Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers.

kmemleak results: unreferenced object 0xffffff895a512300 (size 240): backtrace: slab_post_alloc_hook+0xbc/0x3a4 kmem_cache_alloc+0x1b4/0x358 skb_clone+0x90/0xd8 eem_unwrap+0x1cc/0x36c unreferenced object 0xffffff8a157f4000 (size 256): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 dwc3_gadget_ep_alloc_request+0x58/0x11c usb_ep_alloc_request+0x40/0xe4 eem_unwrap+0x204/0x36c unreferenced object 0xffffff8aadbaac00 (size 128): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc __kmalloc+0x64/0x1a8 eem_unwrap+0x218/0x36c unreferenced object 0xffffff89ccef3500 (size 64): backtrace: slab_post_alloc_hook+0xbc/0x3a4 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 eem_unwrap+0x238/0x36c

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/24/2026

The vulnerability CVE-2025-68289 addresses a memory leak within the Linux kernel's USB gadget function eem_unwrap implementation. This flaw exists in the f_eem (Ethernet Emulation Model) driver which handles USB gadget communication for network emulation purposes. The issue stems from inadequate error handling in the command path where usb_ep_queue function failures are not properly managed, leading to memory allocation leaks that persist until system reboot. The vulnerability manifests when the kernel attempts to process USB gadget commands through the eem_unwrap function, which is responsible for unwrapping USB Ethernet frames.

The technical root cause involves improper resource cleanup when usb_ep_queue encounters failures during USB endpoint queue operations. The existing code structure fails to release previously allocated memory buffers when the usb_ep_queue operation does not complete successfully. This results in unreferenced kernel memory objects that remain allocated in the kernel's memory pool. Memory leak analysis reveals four distinct leaked objects of varying sizes 240, 256, 128, and 64 bytes, all originating from the eem_unwrap function execution path. These leaks occur during the allocation and processing of USB gadget frame data structures, specifically in the context of USB Ethernet emulation operations.

The operational impact of this vulnerability extends to system stability and resource utilization, particularly in embedded systems or devices that heavily utilize USB gadget functionality. Memory leaks accumulate over time and can eventually lead to system performance degradation or complete system exhaustion if left unaddressed. The vulnerability affects systems running Linux kernels with USB gadget support, particularly those implementing the f_eem driver for USB network emulation. Attackers could potentially exploit this vulnerability to exhaust system memory resources through sustained USB gadget operations, leading to denial of service conditions that impact legitimate system operations and network connectivity.

The patch resolves this issue by implementing improved error handling that ensures all allocated resources are freed upon usb_ep_queue failure. The fix maintains the existing goto-based error handling pattern rather than introducing complex auto-cleanup helpers, preserving the established code structure while ensuring proper resource management. This approach follows established kernel development practices for error handling and resource cleanup, aligning with the kernel's existing codebase patterns and maintainability requirements. The solution directly addresses the memory leak by ensuring that when usb_ep_queue fails, all previously allocated memory objects are properly deallocated before the function exits. This patch demonstrates adherence to security best practices in kernel development and follows the CWE-401 principle of proper resource management, specifically addressing memory leak vulnerabilities in kernel subsystems that can be exploited to cause system instability or denial of service conditions.

Responsible

Linux

Reservation

12/16/2025

Disclosure

12/16/2025

Moderation

accepted

CPE

ready

EPSS

0.00179

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!