Out-of-Bounds Read Vulnerability in Linux Kernel USB Networking Component
CVE-2025-21743
7.1 HIGH
Summary
A vulnerability exists in the USB networking component of the Linux kernel, specifically in the ipheth driver, where improper handling of the datagram index and length could result in an out-of-bounds (OoB) read. This issue arises if the sum of the datagram index and length exceeds the maximum value for a 16-bit unsigned integer. To mitigate the risk, appropriate checks have been implemented ensuring that the datagram index remains within safe limits relative to the actual length of the USB request.
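The arithmetic behind the summary, as an added example that is not the ipheth driver's code: it models an end offset held in 16 bits, as the summary describes, and compares a wrapping check with one that bounds the index first. Function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: names are hypothetical, not the driver's. */

/* Weak form: the end offset is held in 16 bits, so idx + len can wrap
 * past 0xFFFF and then compare as a small, apparently valid value. */
static bool dgram_ok_wrapping(uint16_t idx, uint16_t len, uint32_t actual_len)
{
    uint16_t end = (uint16_t)(idx + len);   /* wraps modulo 65536 */
    return end <= actual_len;
}

/* Hardened form: bound the index first, then compare the length against
 * the space remaining after it, so no sum is ever formed. */
static bool dgram_ok_checked(uint16_t idx, uint16_t len, uint32_t actual_len)
{
    if (idx >= actual_len)
        return false;
    return len <= actual_len - idx;
}

int main(void)
{
    /* Constructed sample values: index, length, bytes actually received. */
    static const struct { uint16_t idx, len; uint32_t actual; } cases[] = {
        { 0x0020, 0x0100, 0x4000 },  /* well-formed entry */
        { 0x3FF0, 0x0020, 0x4000 },  /* runs past the end, no wrap */
        { 0xFFF0, 0x0020, 0x4000 },  /* sum wraps to 0x0010 */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("idx=0x%04x len=0x%04x actual=0x%04x wrapping=%d checked=%d\n",
               (unsigned)cases[i].idx, (unsigned)cases[i].len,
               (unsigned)cases[i].actual,
               dgram_ok_wrapping(cases[i].idx, cases[i].len, cases[i].actual),
               dgram_ok_checked(cases[i].idx, cases[i].len, cases[i].actual));
    return 0;
}
```

Only the third case separates the two checks: the wrapped sum looks in range, while the index-first check rejects the entry.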
Affected Version(s)
Linux a2d274c62e44b1995c170595db3865c6fe701226 < 18bf6f5cce3172cb303c3f0551aa9443d5ed74f8
Linux a2d274c62e44b1995c170595db3865c6fe701226
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved