FKIE_CVE-2025-68192

Vulnerability from fkie_nvd - Published: 2025-12-16 14:15 - Updated: 2025-12-18 15:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems access the offset due to strict alignment checks. Initialize the MAC header to prevent such crashes. This can trigger kernel panics on ARM when running IPsec over the qmimux0 interface. Example trace: Internal error: Oops: 000000009600004f [#1] SMP CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1 Hardware name: LS1028A RDB Board (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : xfrm_input+0xde8/0x1318 lr : xfrm_input+0x61c/0x1318 sp : ffff800080003b20 Call trace: xfrm_input+0xde8/0x1318 xfrm6_rcv+0x38/0x44 xfrm6_esp_rcv+0x48/0xa8 ip6_protocol_deliver_rcu+0x94/0x4b0 ip6_input_finish+0x44/0x70 ip6_input+0x44/0xc0 ipv6_rcv+0x6c/0x114 __netif_receive_skb_one_core+0x5c/0x8c __netif_receive_skb+0x18/0x60 process_backlog+0x78/0x17c __napi_poll+0x38/0x180 net_rx_action+0x168/0x2f0
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0aabccdcec1f4a36f95829ea2263f845bbc77223
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4e6b9004f01d0fef5b19778399bc5bf55f8c2d71
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8ab3b8f958d861a7f725a5be60769106509fbd69
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ae811175cea35b03ac6d7c910f43a82a43b9c3b3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bf527b80b80a282ab5bf1540546211fc35e5cd42
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d693c47fb902b988f5752182e4f7fbde5e6dcaf9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dd03780c29f87c26c0e0bb7e0db528c8109461fb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e120f46768d98151ece8756ebd688b0e43dc8b29
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup\n\nRaw IP packets have no MAC header, leaving skb-\u003emac_header uninitialized.\nThis can trigger kernel panics on ARM64 when xfrm or other subsystems\naccess the offset due to strict alignment checks.\n\nInitialize the MAC header to prevent such crashes.\n\nThis can trigger kernel panics on ARM when running IPsec over the\nqmimux0 interface.\n\nExample trace:\n\n    Internal error: Oops: 000000009600004f [#1] SMP\n    CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1\n    Hardware name: LS1028A RDB Board (DT)\n    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n    pc : xfrm_input+0xde8/0x1318\n    lr : xfrm_input+0x61c/0x1318\n    sp : ffff800080003b20\n    Call trace:\n     xfrm_input+0xde8/0x1318\n     xfrm6_rcv+0x38/0x44\n     xfrm6_esp_rcv+0x48/0xa8\n     ip6_protocol_deliver_rcu+0x94/0x4b0\n     ip6_input_finish+0x44/0x70\n     ip6_input+0x44/0xc0\n     ipv6_rcv+0x6c/0x114\n     __netif_receive_skb_one_core+0x5c/0x8c\n     __netif_receive_skb+0x18/0x60\n     process_backlog+0x78/0x17c\n     __napi_poll+0x38/0x180\n     net_rx_action+0x168/0x2f0"
    }
  ],
  "id": "CVE-2025-68192",
  "lastModified": "2025-12-18T15:08:25.907",
  "metrics": {},
  "published": "2025-12-16T14:15:51.900",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0aabccdcec1f4a36f95829ea2263f845bbc77223"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4e6b9004f01d0fef5b19778399bc5bf55f8c2d71"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8ab3b8f958d861a7f725a5be60769106509fbd69"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ae811175cea35b03ac6d7c910f43a82a43b9c3b3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bf527b80b80a282ab5bf1540546211fc35e5cd42"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d693c47fb902b988f5752182e4f7fbde5e6dcaf9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dd03780c29f87c26c0e0bb7e0db528c8109461fb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e120f46768d98151ece8756ebd688b0e43dc8b29"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.