Stack-Out-of-Bounds Read Vulnerability in Linux Kernel's HID Thrustmaster Driver
CVE-2025-21794

7.1 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
27 February 2025

What is CVE-2025-21794?

A stack out-of-bounds read vulnerability in the HID Thrustmaster driver can lead to kernel crashes due to improper handling of the ep_addr array within the usb_check_int_endpoints function: the function attempts to read beyond the bounds of the array. To mitigate this issue, a zero element has been added at the end of the array so that the for loop terminates correctly, which prevents excessive reads and maintains kernel stability.
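The pattern described above, as an added user-space example (not the kernel's or the driver's code): a sentinel walk over an endpoint list next to a bounded walk that reports a missing zero element. All function names, the sample endpoint values and the array sizes are assumptions made for illustration; only the name ep_addr comes from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the interrupt endpoints a hypothetical device exposes. */
static int dev_has_ep(uint8_t addr)
{
    return addr == 0x81 || addr == 0x02;
}

/* Sentinel walk: stops only at a zero element, so the caller must supply one. */
static int check_eps_sentinel(const uint8_t *ep_addr)
{
    for (; *ep_addr; ++ep_addr)
        if (!dev_has_ep(*ep_addr))
            return 0;
    return 1;
}

/* Bounded walk: 1 = all present, 0 = one missing, -1 = no terminator in cap. */
static int check_eps_bounded(const uint8_t *ep_addr, size_t cap)
{
    for (size_t i = 0; i < cap; i++) {
        if (ep_addr[i] == 0)
            return 1;
        if (!dev_has_ep(ep_addr[i]))
            return 0;
    }
    return -1;
}

/* Array without a zero element: the sentinel walk would run past its end. */
int demo_unterminated(void)
{
    uint8_t ep_addr[1] = { 0x81 };
    return check_eps_bounded(ep_addr, sizeof ep_addr);
}

/* Array with the zero element added: both walks stop inside the array. */
int demo_terminated(void)
{
    uint8_t ep_addr[2] = { 0x81, 0 };
    return check_eps_sentinel(ep_addr) == 1 &&
           check_eps_bounded(ep_addr, sizeof ep_addr) == 1;
}

int main(void)
{
    printf("unterminated: %d, terminated: %d\n", demo_unterminated(), demo_terminated());
    return 0;
}
```

The sentinel walk is deliberately never called on the unterminated array, since that read is undefined behaviour; building a reproduction with KASAN or AddressSanitizer is how such a read gets flagged at run time.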

Affected Version(s)

Linux 220883fba32549a34f0734e4859d07f4dcd56992 < 436f48c864186e9413d1b7c6e91767cc9e1a65b8

Linux ae730deded66150204c494282969bfa98dc3ae67

Linux e5bcae4212a6a4b4204f46a1b8bcba08909d2007

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
