Out-of-Bounds Read Vulnerability in Linux Kernel USB Core
CVE-2025-39760
What is CVE-2025-39760?
A vulnerability in the Linux kernel's USB core allows out-of-bounds reads during SuperSpeed (SS) endpoint companion parsing. Specifically, the function usb_parse_ss_endpoint_companion() does not adequately check the descriptor type against the specified length before accessing fields, which could lead to unauthorized access to memory. The fix adds size validation checks that run before any field is accessed.
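
The check order the fix describes, as an added user-space C example (not the kernel's code or the upstream patch): the parser confirms the whole descriptor fits in the remaining buffer before it reads any field. The names parse_ss_ep_comp() and ss_bytes_per_interval(), the error codes and the sample bytes are constructed for this illustration; the type value 0x30 and the 6-byte size come from the USB 3.x descriptor layout.

```c
#include <stddef.h>
#include <stdint.h>

#define DT_SS_ENDPOINT_COMP 0x30 /* bDescriptorType of an SS endpoint companion */
#define DT_SS_EP_COMP_SIZE  6    /* fixed size of that descriptor in bytes */

struct ss_ep_comp {
    uint8_t  bMaxBurst;
    uint8_t  bmAttributes;
    uint16_t wBytesPerInterval;
};

/* Constructed sample descriptors (not captured from a real device). */
const uint8_t sample_ok[6]        = { 0x06, 0x30, 0x0f, 0x00, 0x00, 0x04 };
const uint8_t sample_badlen[6]    = { 0x02, 0x30, 0x00, 0x00, 0x00, 0x00 };
const uint8_t sample_wrongtype[6] = { 0x06, 0x05, 0x00, 0x00, 0x00, 0x00 };

/* Returns 0 on success, -1 if too short, -2 if not a companion descriptor. */
int parse_ss_ep_comp(const uint8_t *buf, size_t remaining, struct ss_ep_comp *out)
{
    /* 1. Size first: no field is read until a full descriptor fits. */
    if (buf == NULL || out == NULL || remaining < DT_SS_EP_COMP_SIZE)
        return -1;
    /* 2. bLength is device-supplied: it must cover the fixed fields and fit. */
    if (buf[0] < DT_SS_EP_COMP_SIZE || buf[0] > remaining)
        return -1;
    /* 3. Only now is the type byte inspected. */
    if (buf[1] != DT_SS_ENDPOINT_COMP)
        return -2;
    out->bMaxBurst = buf[2];
    out->bmAttributes = buf[3];
    out->wBytesPerInterval = (uint16_t)(buf[4] | (buf[5] << 8)); /* little-endian */
    return 0;
}

/* Wrapper for callers and tests: wBytesPerInterval, or the negative error. */
int ss_bytes_per_interval(const uint8_t *buf, size_t remaining)
{
    struct ss_ep_comp c;
    int rc = parse_ss_ep_comp(buf, remaining, &c);
    return rc ? rc : c.wBytesPerInterval;
}
```

Passing a `remaining` of 1 models a descriptor that starts on the last byte of the configuration buffer: the size check rejects it before the type byte, which lies outside the buffer, is ever touched.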

Affected Version(s)
Linux 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8 < 5c3097ede7835d3caf6543eb70ff689af4550cd2
Linux 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8 < 058ad2b722812708fe90567875704ae36563e33b
Linux 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8