CVE-2025-68799

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> caif: fix integer underflow in cffrml_receive()<br /> <br /> The cffrml_receive() function extracts a length field from the packet<br /> header and, when FCS is disabled, subtracts 2 from this length without<br /> validating that len &gt;= 2.<br /> <br /> If an attacker sends a malicious packet with a length field of 0 or 1<br /> to an interface with FCS disabled, the subtraction causes an integer<br /> underflow.<br /> <br /> This can lead to memory exhaustion and kernel instability, potential<br /> information disclosure if padding contains uninitialized kernel memory.<br /> <br /> Fix this by validating that len &gt;= 2 before performing the subtraction.