CVE-2025-67268 – This vulnerability in gpsd allows attackers to ... (How to Fix)

📋 TL;DR

This vulnerability in gpsd allows attackers to trigger heap-based out-of-bounds writes by sending specially crafted NMEA2000 PGN 129540 packets with excessive satellite counts. This can lead to memory corruption, denial of service, and potentially remote code execution. Systems running vulnerable versions of gpsd that process NMEA2000 data are affected.

💻 Affected Systems

Products:

gpsd

Versions: All versions before commit dc966aa74c075d0a6535811d98628625cbfbe3f4

Operating Systems: Linux, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only vulnerable when gpsd is configured to process NMEA2000 data streams

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with root privileges leading to complete system compromise

🟠

Likely Case

Denial of service causing gpsd service crashes and GPS functionality disruption

🟢

If Mitigated

Service disruption without privilege escalation if memory protections are in place

🌐 Internet-Facing: MEDIUM - Requires gpsd to be exposed to untrusted networks and processing NMEA2000 data

🏢 Internal Only: LOW - Typically gpsd runs locally and processes trusted GPS data sources

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending malformed NMEA2000 packets to gpsd's listening port

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit dc966aa74c075d0a6535811d98628625cbfbe3f4 and later

Vendor Advisory: https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4

Restart Required: Yes

Instructions:

1. Update gpsd to latest version from official repository
2. Apply commit dc966aa74c075d0a6535811d98628625cbfbe3f4
3. Restart gpsd service

🔧 Temporary Workarounds

Disable NMEA2000 processing

linux

Configure gpsd to not process NMEA2000 data streams

Edit gpsd configuration to exclude NMEA2000 sources

Network isolation

linux

Restrict network access to gpsd service

iptables -A INPUT -p tcp --dport 2947 -j DROP
ufw deny 2947/tcp

🧯 If You Can't Patch

Implement strict network segmentation to isolate gpsd from untrusted networks
Use application firewalls to filter NMEA2000 traffic to gpsd

🔍 How to Verify

Check if Vulnerable:

Check gpsd version and verify if commit dc966aa is present: git log --oneline | grep dc966aa

Check Version:

gpsd --version

Verify Fix Applied:

Verify the fix by checking the driver_nmea2000.c file for proper satellite count validation

📡 Detection & Monitoring

Log Indicators:

gpsd segmentation faults
gpsd service crashes
unusual memory allocation patterns

Network Indicators:

NMEA2000 PGN 129540 packets with satellite count > 184

SIEM Query:

process:gpsd AND (event_type:crash OR memory_violation)

📊 Metadata

CVE ID: CVE-2025-67268

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-122

Published: January 2, 2026

Last Updated: February 5, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md Exploit,Third Party Advisory
https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c Product
https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4 Patch

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-67268, you might also want to check these: