CVE-2025-21689

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); break; } The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. When newport is equal to serial->num_ports, the assignment of "port" in the following code is out-of-bounds and NULL: serial_priv->current_port = newport; port = serial->port[serial_priv->current_port]; The fix checks if newport is greater than or equal to serial->num_ports indicating it is out-of-bounds.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530	Patch
https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade	Patch
https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe	Patch
https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f	Patch
https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b	Patch
https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507	Patch
https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470	Patch
https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:-::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc7::::::

History

21 Feb 2025, 16:36

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CWE		CWE-476
References	~~() https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530 -~~	() https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530 - Patch
References	~~() https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade -~~	() https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade - Patch
References	~~() https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe -~~	() https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe - Patch
References	~~() https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f -~~	() https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f - Patch
References	~~() https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b -~~	() https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b - Patch
References	~~() https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507 -~~	() https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507 - Patch
References	~~() https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470 -~~	() https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470 - Patch
References	~~() https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22 -~~	() https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: serial: quatech2: arreglo de null-ptr-deref en qt2_process_read_urb() Este parche soluciona un null-ptr-deref en qt2_process_read_urb() debido a una comprobación de los límites incorrecta en lo siguiente: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); break; } La condición no tiene en cuenta el rango válido del búfer serial->port, que es de 0 a serial->num_ports - 1. Cuando newport es igual a serial->num_ports, la asignación de "port" en el siguiente código está fuera de los límites y es NULL: serial_priv->current_port = newport; port = serial->port[serial_priv->current_port]; La solución verifica si newport es mayor o igual que serial->num_ports, lo que indica que está fuera de los límites.
CPE		cpe:2.3:o:linux:linux_kernel:6.13:-:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::

10 Feb 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-10 16:15

Updated : 2025-02-21 16:36

NVD link : CVE-2025-21689

Mitre link : CVE-2025-21689

CVE.ORG link : CVE-2025-21689

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10