CVE-2025-68288

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: storage: Fix memory leak in USB bulk transport<br /> <br /> A kernel memory leak was identified by the &amp;#39;ioctl_sg01&amp;#39; test from Linux<br /> Test Project (LTP). The following bytes were mainly observed: 0x53425355.<br /> <br /> When USB storage devices incorrectly skip the data phase with status data,<br /> the code extracts/validates the CSW from the sg buffer, but fails to clear<br /> it afterwards. This leaves status protocol data in srb&amp;#39;s transfer buffer,<br /> such as the US_BULK_CS_SIGN &amp;#39;USBS&amp;#39; signature observed here. Thus, this can<br /> lead to USB protocols leaks to user space through SCSI generic (/dev/sg*)<br /> interfaces, such as the one seen here when the LTP test requested 512 KiB.<br /> <br /> Fix the leak by zeroing the CSW data in srb&amp;#39;s transfer buffer immediately<br /> after the validation of devices that skip data phase.<br /> <br /> Note: Differently from CVE-2018-1000204, which fixed a big leak by zero-<br /> ing pages at allocation time, this leak occurs after allocation, when USB<br /> protocol data is written to already-allocated sg pages.