Memory Corruption Vulnerability in Linux Kernel CDC-ACM Driver
CVE-2025-21704

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 February 2025

Summary

A vulnerability in the CDC-ACM driver of the Linux kernel can lead to memory corruption when the control transfer buffer size is not properly checked before access. If the first fragment received is smaller than the expected structure, memory lengths may be read beyond the allocated buffer, resulting in undefined behavior. This issue has been part of the kernel since its early history and can lead to vulnerabilities during the reassembly of fragmented notifications, particularly when devices are accessed by ModemManager. Proper error handling is crucial to prevent exploitation.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7828e9363ac4d23b02419bf2a45b9f1d9fb35646

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6abb510251e75f875797d8983a830e6731fa281c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a...

https://git.kernel.org/stable/c/6abb510251e75f875797d8983...

https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f35...

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Dec 29, 2024