{"id":"CVE-2025-68750","summary":"usb: potential integer overflow in usbg_make_tpg()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: potential integer overflow in usbg_make_tpg()\n\nThe variable tpgt in usbg_make_tpg() is defined as unsigned long and is\nassigned to tpgt-\u003etport_tpgt, which is defined as u16. This may cause an\ninteger overflow when tpgt is greater than USHRT_MAX (65535). I\nhaven't tried to trigger it myself, but it is possible to trigger it\nby calling usbg_make_tpg() with a large value for tpgt.\n\nI modified the type of tpgt to match tpgt-\u003etport_tpgt and adjusted the\nrelevant code accordingly.\n\nThis patch is similar to commit 59c816c1f24d (\"vhost/scsi: potential\nmemory corruption\").","modified":"2026-03-31T17:29:26.031072Z","published":"2025-12-24T15:51:03.141Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20145-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68750.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24"},{"type":"WEB","url":"https://git.kernel.org/stable/c/153874010354d050f62f8ae25cbb960c17633dc5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/358d5ba08f1609c34a054aed88c431844d09705a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/603a83e5fee38a950bfcfb2f36449311fa00a474"},{"type":"WEB","url":"https://git.kernel.org/stable/c/620a5e1e84a3a7004270703a118d33eeb1c0f368"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6722e080b5b39ab7471386c73d0c1b39572f943c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6f77e344515b5258edb3988188311464209b1c7c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a33f507f36d5881f602dab581ab0f8d22b49762c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68750.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68750"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c52661d60f636d17e26ad834457db333bd1df494"},{"fixed":"0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24"},{"fixed":"603a83e5fee38a950bfcfb2f36449311fa00a474"},{"fixed":"6f77e344515b5258edb3988188311464209b1c7c"},{"fixed":"6722e080b5b39ab7471386c73d0c1b39572f943c"},{"fixed":"a33f507f36d5881f602dab581ab0f8d22b49762c"},{"fixed":"358d5ba08f1609c34a054aed88c431844d09705a"},{"fixed":"620a5e1e84a3a7004270703a118d33eeb1c0f368"},{"fixed":"153874010354d050f62f8ae25cbb960c17633dc5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68750.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.5.0"},{"fixed":"5.4.296"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.240"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.187"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.143"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.96"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.36"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.15.5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68750.json"}}],"schema_version":"1.7.5"}