CVE-2025-68308

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/12/2025
Last modified: 16/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

can: kvaser_usb: leaf: Fix potential infinite loop in command parsers

The `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback` functions contain logic to handle zero-length commands. These commands are used to align data to the USB endpoint's wMaxPacketSize boundary.

The driver attempts to skip these placeholders by aligning the buffer position `pos` to the next packet boundary using the `round_up()` function.

However, if a zero-length command is found exactly on a packet boundary (i.e., `pos` is a multiple of wMaxPacketSize, including 0), the `round_up` function will return the unchanged value of `pos`. This prevents `pos` from being increased, causing an infinite loop in the parsing logic.

This patch fixes this in the function by using `pos + 1` instead. This ensures that even if `pos` is on a boundary, the calculation is based on `pos + 1`, forcing `round_up()` to always return the next aligned boundary.
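The alignment arithmetic described above, reproduced as an added example in user-space C (this is not the kvaser_usb driver's code). It uses the same `round_up()` construction as the kernel's `include/linux/math.h`, a simplified two-byte command header and an assumed wMaxPacketSize of 64; a constructed buffer places a zero-length command exactly on the second packet boundary, and a non-advancing `pos` is reported instead of spinning so the pre-patch behaviour can be shown safely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Kernel-style round_up() for power-of-two alignments:
 * ((x - 1) | (y - 1)) + 1. Note round_up(0, y) wraps back to 0 and
 * round_up(k*y, y) returns k*y unchanged, which is the bug's root cause. */
#define round_up(x, y) ((((x) - 1) | ((y) - 1)) + 1)

/* Assumed wMaxPacketSize for this example; a real driver reads it from
 * the endpoint descriptor. 64 is a typical full-speed bulk endpoint size. */
#define MAX_PACKET 64

/* Simplified stand-in for the leaf command header (length, then id).
 * The real driver's layout is larger; only the length byte matters here. */
struct cmd_hdr {
    uint8_t len;
    uint8_t id;
};

enum parse_result {
    PARSE_OK = 0,     /* consumed the whole buffer */
    PARSE_STUCK = -1, /* pos never advanced: would loop forever */
};

/*
 * Walk a bulk-in buffer command by command. A zero-length command is a
 * padding placeholder: skip to the next packet boundary.
 * use_fix selects the pre-patch round_up(pos, ...) or the post-patch
 * round_up(pos + 1, ...) alignment.
 */
static enum parse_result parse_commands(const uint8_t *buf, size_t len,
                                        bool use_fix, int *ncmds)
{
    size_t pos = 0;
    *ncmds = 0;

    while (pos + sizeof(struct cmd_hdr) <= len) {
        const struct cmd_hdr *hdr = (const struct cmd_hdr *)(buf + pos);
        size_t next;

        if (hdr->len == 0) {
            next = use_fix ? round_up(pos + 1, MAX_PACKET)
                           : round_up(pos, MAX_PACKET);
            if (next <= pos)
                return PARSE_STUCK; /* guard standing in for the hang */
            pos = next;
            continue;
        }

        if (pos + hdr->len > len)
            break; /* truncated command: stop parsing */

        (*ncmds)++;
        pos += hdr->len;
    }
    return PARSE_OK;
}

/* Constructed two-packet buffer: an 8-byte command, padding at pos 8
 * (skips to 64), then a zero-length command exactly at pos 64. */
static size_t build_sample(uint8_t *buf, size_t cap)
{
    size_t len = 2 * MAX_PACKET;
    if (cap < len)
        return 0;
    memset(buf, 0, len);
    buf[0] = 8;    /* command length */
    buf[1] = 0x1a; /* arbitrary command id */
    return len;
}

/* Parse the sample buffer with or without the fix; returns parse_result. */
static int demo(bool use_fix)
{
    uint8_t buf[2 * MAX_PACKET];
    int ncmds;
    size_t len = build_sample(buf, sizeof(buf));
    return (int)parse_commands(buf, len, use_fix, &ncmds);
}

int main(void)
{
    printf("pre-patch : %s\n", demo(false) == PARSE_STUCK ? "stuck (infinite loop)" : "ok");
    printf("post-patch: %s\n", demo(true) == PARSE_OK ? "ok" : "stuck");
    return 0;
}
```

With the sample buffer, the pre-patch variant reaches `pos == 64`, computes `round_up(64, 64) == 64`, and never advances; the post-patch variant computes `round_up(65, 64) == 128` and finishes the buffer. The same arithmetic shows why `pos == 0` is affected: `round_up(0, 64)` wraps back to 0.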

Impact