Exploitable Vulnerability in Linux Kernel's MIDI Streaming Descriptor Handling
CVE-2025-21835

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 7 March 2025

What is CVE-2025-21835?

A flaw in the Linux kernel's handling of USB MIDI Streaming endpoint descriptors can leak uninitialized stack memory into the descriptors when the number of 'in' and 'out' MIDI ports differs. The mismatch may also produce invalid descriptors, potentially affecting the correct operation of MIDI devices. The issue arises from incorrectly set lengths in the MIDI jack descriptors (bNumEmbMIDIJack and bLength), which do not align with the definitions already used elsewhere in the driver.
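The following user-space model is an added illustration of this class of defect, not the kernel driver's code. The struct layout, helper names and the 0xAA fill standing in for stale stack contents are assumptions, as is the choice to take the lengths from the other direction's port count.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_PORTS 16
#define STALE 0xAA              /* constructed stand-in for leftover stack bytes */
#define MS_EP_SIZE(n) (4 + (n)) /* 4 header bytes + one jack ID per port */

/* Hypothetical, simplified MIDI Streaming endpoint descriptor layout. */
struct ms_ep_desc {
    uint8_t bLength, bDescriptorType, bDescriptorSubtype, bNumEmbMIDIJack;
    uint8_t baAssocJackID[MAX_PORTS];
};

/* Write jack IDs for `filled` ports but take both lengths from `counted`. */
static void build_desc(struct ms_ep_desc *d, unsigned filled, unsigned counted)
{
    memset(d, STALE, sizeof(*d)); /* model an uninitialized stack object */
    d->bDescriptorType = 0x25; d->bDescriptorSubtype = 0x01; /* CS endpoint, general */
    if (counted > MAX_PORTS) counted = MAX_PORTS;
    for (unsigned i = 0; i < filled && i < MAX_PORTS; i++)
        d->baAssocJackID[i] = (uint8_t)(i + 1);
    d->bNumEmbMIDIJack = (uint8_t)counted;
    d->bLength = (uint8_t)MS_EP_SIZE(counted);
}

/* Count stale bytes within the bLength bytes a host would be sent. */
static unsigned stale_bytes_sent(const struct ms_ep_desc *d)
{
    const uint8_t *raw = (const uint8_t *)d;
    unsigned n = 0;
    for (unsigned i = 4; i < d->bLength; i++)
        n += (raw[i] == STALE);
    return n;
}

/* filled != counted models the defect; filled == counted models the fix. */
unsigned stale_bytes_for(unsigned filled, unsigned counted)
{
    struct ms_ep_desc d;
    build_desc(&d, filled, counted);
    return stale_bytes_sent(&d);
}

int main(void)
{
    printf("1 jack filled, lengths for 4: %u stale bytes\n", stale_bytes_for(1, 4));
    printf("1 jack filled, lengths for 1: %u stale bytes\n", stale_bytes_for(1, 1));
    return 0;
}
```

When the length count is smaller than the number of jacks written, no stale bytes are sent but the jack list is truncated, which corresponds to the invalid-descriptor case.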

Affected Version(s)

Linux c8933c3f79568263c90a46f06cf80419e6c63c97 < 3a983390d14e8498f303fc5cb23ab7d696b815db

Linux c8933c3f79568263c90a46f06cf80419e6c63c97 < 9f36a89dcb78cb7e37f487b04a16396ac18c0636

Linux c8933c3f79568263c90a46f06cf80419e6c63c97

Timeline

  • Vulnerability published

  • Vulnerability Reserved
