CVE-2025-68308

In the Linux kernel, the following vulnerability has been resolved:

can: kvaser_usb: leaf: Fix potential infinite loop in command parsers

The kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback functions contain logic to zero-length commands. These commands are used to align data to the USB endpoint's wMaxPacketSize boundary.

The driver attempts to skip these placeholders by aligning the buffer position pos to the next packet boundary using round_up() function.

However, if zero-length command is found exactly on a packet boundary (i.e., pos is a multiple of wMaxPacketSize, including 0), round_up function will return the unchanged value of pos. This prevents pos to be increased, causing an infinite loop in the parsing logic.

This patch fixes this in the function by using pos + 1 instead. This ensures that even if pos is on a boundary, the calculation is based on pos + 1, forcing round_up() to always return the next aligned boundary.