CVE-2025-68312
Published: Dec 16, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0); put the kevent work in global workqueue. However, the kevent has not yet been scheduled when the usbnet device is unregistered. Therefore, executing free_netdev() results in the "free active object (kevent)" error reported here. 2. Another factor is that when calling usbnet_disconnect()->unregister_netdev(), if the usbnet device is up, ndo_stop() is executed to cancel the kevent. However, because the device is not up, ndo_stop() is not executed. The solution to this problem is to cancel the kevent before executing free_netdev().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8b4588b8b00b299be16a35be67b331d8fdba03f3 - < 285d4b953f2ca03c358f986718dd89ee9bde632eaffected 135199a2edd459d2b123144efcd7f9bcd95128e4 - < 88a38b135d69f5db9024ff6527232f1b51be8915affected 635fd8953e4309b54ca6a81bed1d4a87668694f4 - < 43005002b60ef3424719ecda16d124714b45da3baffected a69e617e533edddf3fa3123149900f36e0a6dc74 - < 3a10619fdefd3051aeb14860e4d4335529b4e94daffected a69e617e533edddf3fa3123149900f36e0a6dc74 - < 9a579d6a39513069d298eee70770bbac8a148565+16 more versions |
Linux | Linux | affected 6.0unaffected 0 - < 6.0unaffected 5.4.302 - <= 5.4.*unaffected 5.10.247 - <= 5.10.*unaffected 5.15.197 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now