CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header<br /> <br /> The driver expects to receive a struct gs_host_frame in<br /> gs_usb_receive_bulk_callback().<br /> <br /> Use struct_group to describe the header of the struct gs_host_frame and<br /> check that we have at least received the header before accessing any<br /> members of it.<br /> <br /> To resubmit the URB, do not dereference the pointer chain<br /> "dev-&gt;parent-&gt;hf_size_rx" but use "parent-&gt;hf_size_rx" instead. Since<br /> "urb-&gt;context" contains "parent", it is always defined, while "dev" is not<br /> defined if the URB it too short.