CVE-2025-68282Signal Handler Race Condition in Linux

CWE-364Signal Handler Race Condition53 documents8 sources
Severity
7.8HIGHOSV
OSV7.2OSV3.2
No vector
EPSS
0.1%
top 79.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedDec 16
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: udc: fix use-after-free in usb_gadget_state_work A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN: BUG: KASAN: invalid-access in sysfs_notify+0x2c/0xd0 Workqueue: events usb_gadget_state_work The fundamental race occurs because a concurrent event (e.g., an interrupt) can call usb_gadget_set_state() and schedule gadget->work at any time during t

Affected Packages7 packages

Linuxlinux/linux_kernel3.12.05.10.248+5
Debianlinux/linux_kernel< 5.10.249-1+3
Ubuntulinux/linux_kernel< 5.15.0-173.183+2
CVEListV5linux/linux5702f75375aa9ecf8ad3431aef3fe6ce8c8dbd15dddc944d65169b552e09cb54e3ed4fbb9ea26416+7

🔴Vulnerability Details

24
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25

📋Vendor Advisories

27
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01

🕵️Threat Intelligence

1
Wiz
CVE-2025-68282 Impact, Exploitability, and Mitigation Steps | Wiz