GHSA-CFF9-QHWV-R7Q7

Vulnerability from github – Published: 2025-12-16 15:30 – Updated: 2025-12-16 15:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup

Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems access the offset due to strict alignment checks.

Initialize the MAC header to prevent such crashes.

This can trigger kernel panics on ARM when running IPsec over the qmimux0 interface.

Example trace:

Internal error: Oops: 000000009600004f [#1] SMP
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1
Hardware name: LS1028A RDB Board (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xfrm_input+0xde8/0x1318
lr : xfrm_input+0x61c/0x1318
sp : ffff800080003b20
Call trace:
 xfrm_input+0xde8/0x1318
 xfrm6_rcv+0x38/0x44
 xfrm6_esp_rcv+0x48/0xa8
 ip6_protocol_deliver_rcu+0x94/0x4b0
 ip6_input_finish+0x44/0x70
 ip6_input+0x44/0xc0
 ipv6_rcv+0x6c/0x114
 __netif_receive_skb_one_core+0x5c/0x8c
 __netif_receive_skb+0x18/0x60
 process_backlog+0x78/0x17c
 __napi_poll+0x38/0x180
 net_rx_action+0x168/0x2f0
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-68192"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T14:15:51Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup\n\nRaw IP packets have no MAC header, leaving skb-\u003emac_header uninitialized.\nThis can trigger kernel panics on ARM64 when xfrm or other subsystems\naccess the offset due to strict alignment checks.\n\nInitialize the MAC header to prevent such crashes.\n\nThis can trigger kernel panics on ARM when running IPsec over the\nqmimux0 interface.\n\nExample trace:\n\n    Internal error: Oops: 000000009600004f [#1] SMP\n    CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1\n    Hardware name: LS1028A RDB Board (DT)\n    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n    pc : xfrm_input+0xde8/0x1318\n    lr : xfrm_input+0x61c/0x1318\n    sp : ffff800080003b20\n    Call trace:\n     xfrm_input+0xde8/0x1318\n     xfrm6_rcv+0x38/0x44\n     xfrm6_esp_rcv+0x48/0xa8\n     ip6_protocol_deliver_rcu+0x94/0x4b0\n     ip6_input_finish+0x44/0x70\n     ip6_input+0x44/0xc0\n     ipv6_rcv+0x6c/0x114\n     __netif_receive_skb_one_core+0x5c/0x8c\n     __netif_receive_skb+0x18/0x60\n     process_backlog+0x78/0x17c\n     __napi_poll+0x38/0x180\n     net_rx_action+0x168/0x2f0",
  "id": "GHSA-cff9-qhwv-r7q7",
  "modified": "2025-12-16T15:30:45Z",
  "published": "2025-12-16T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68192"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0aabccdcec1f4a36f95829ea2263f845bbc77223"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e6b9004f01d0fef5b19778399bc5bf55f8c2d71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ab3b8f958d861a7f725a5be60769106509fbd69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae811175cea35b03ac6d7c910f43a82a43b9c3b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf527b80b80a282ab5bf1540546211fc35e5cd42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d693c47fb902b988f5752182e4f7fbde5e6dcaf9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd03780c29f87c26c0e0bb7e0db528c8109461fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e120f46768d98151ece8756ebd688b0e43dc8b29"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.