CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved:

can: gsusb: gsusbreceivebulkcallback(): check actuallength before accessing header

The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback().

Use structgroup to describe the header of the struct gshost_frame and check that we have at least received the header before accessing any members of it.

To resubmit the URB, do not dereference the pointer chain "dev->parent->hfsizerx" but use "parent->hfsizerx" instead. Since "urb->context" contains "parent", it is always defined, while "dev" is not defined if the URB it too short.