Stack-Out-of-Bounds Read Vulnerability in Linux Kernel's HID Thrustmaster Driver
CVE-2025-21794
Currently unrated
Summary
A stack-out-of-bounds read in the HID Thrustmaster driver can crash the kernel. The cause is improper handling of the ep_addr array within the usb_check_int_endpoints function: the function's for loop attempts to read beyond the bounds of the array, and the kernel crashes. The fix adds a zero element at the end of the array so that the for loop terminates correctly, which prevents the excessive reads and keeps the kernel stable.
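A userspace model of the zero-terminated loop described in the summary, added here as an illustration and not taken from the kernel source. The function name scan_ep_addrs, the explicit cap parameter, the array sizes and the 0x81 sample address are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Userspace model (an assumption, not kernel code) of a loop that walks
 * endpoint addresses until it meets a zero element. `cap` is the real size
 * of the caller's array; the modelled loop has no such bound, so a missing
 * terminator turns into a read past the end of the array.
 * Returns 0 and sets *visited when a zero lies inside the array, or -1
 * when the scan would have to read index `cap` (out of bounds).
 */
static int scan_ep_addrs(const uint8_t *ep_addrs, size_t cap, size_t *visited)
{
    for (size_t i = 0; i < cap; i++) {
        if (ep_addrs[i] == 0) {      /* terminator: the loop ends here */
            *visited = i;
            return 0;
        }
        /* a real caller would validate endpoint ep_addrs[i] here */
    }
    *visited = cap;
    return -1;                       /* the next read would be out of bounds */
}

/* Constructed sample: 0x81 stands in for an endpoint address. */
static int check_unterminated(void)
{
    uint8_t ep_addr[1] = { 0x81 };   /* no zero element */
    size_t n;
    return scan_ep_addrs(ep_addr, sizeof(ep_addr), &n);
}

static int check_terminated(void)
{
    uint8_t ep_addr[2] = { 0x81, 0 }; /* zero element added at the end */
    size_t n;
    int rc = scan_ep_addrs(ep_addr, sizeof(ep_addr), &n);
    return rc == 0 ? (int)n : rc;    /* number of addresses visited */
}

int main(void)
{
    printf("unterminated: %d\n", check_unterminated());
    printf("terminated:   %d\n", check_terminated());
    return 0;
}
```

The same bounded scan can serve as a review aid for any caller that hands a stack array to a sentinel-terminated API: a result of -1 means the array needs its terminating zero.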
Affected Version(s)
Linux 220883fba32549a34f0734e4859d07f4dcd56992 < 436f48c864186e9413d1b7c6e91767cc9e1a65b8
Linux ae730deded66150204c494282969bfa98dc3ae67
Linux e5bcae4212a6a4b4204f46a1b8bcba08909d2007