CVE-2025-68734 | isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()

In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() In hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when setup_instance() fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also change the error paths to use the goto ladder style. Compile tested only. Issue found using a prototype static analysis tool.

Published: 2025-12-24 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2025-68734 is rated Low Risk (6/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-68734

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-24	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-68734

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-68734

OS Trackers for CVE-2025-68734

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-68734 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.	https://security-tracker.debian.org/tracker/CVE-2025-68734
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2025-68734
`suse`	medium	CVE-2025-68734 severity moderate: SUSE including 370 source package names (2.1.3-6.115:kernel-default-base-6.4.0-39.1.21.16, 2.1.3-7.146:kernel-rt-6.4.0-40.1, …), 852 product×package rows across 165 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (165 product lines)): Fixed 385, Known Not Affected 236, Known Affected 231.	https://www.suse.com/security/cve/CVE-2025-68734/
`ubuntu`	medium	CVE-2025-68734 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 183, released 156, needed 49, not-affected 4, pending 3.	https://ubuntu.com/security/CVE-2025-68734

Affected software / configurations for CVE-2025-68734

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2025-68734

URL	Tags
https://git.kernel.org/stable/c/03695541b3349bc40bf5d6563d44d6147fb20260
https://git.kernel.org/stable/c/3f7c72bc73c4e542fde14cce017549d8a0b61a3c
https://git.kernel.org/stable/c/3f978e3f1570155a1327ffa25f60968bc7b9398f
https://git.kernel.org/stable/c/475032fa2bb82ffb592c321885e917e39f47357f
https://git.kernel.org/stable/c/6dce43433e0635e7b00346bc937b69ce48ea71bb
https://git.kernel.org/stable/c/adb7577e23a431fc53aa1b6107733c0d751015fb
https://git.kernel.org/stable/c/b70c24827e11fdc71465f9207e974526fb457bb9
https://git.kernel.org/stable/c/ea7936304ed74ab7f965d17f942a173ce91a5ca8

cvelogic Threat Intelligence