CVE-2025-21735

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFC: nci: Add bounds checking in nci_hci_create_pipe()

The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < bd249109d266f1d52548c46634a15b71656e0d44affected
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < 674e17c5933779a8bf5c15d596fdfcb5ccdebbc2affected
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < 10b3f947b609713e04022101f492d288a014ddfaaffected
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < d5a461c315e5ff92657f84d8ba50caa5abf5c22aaffected
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < 172cdfc3a5ea20289c58fb73dadc6fd4a8784a4eaffected
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < 2ae4bade5a64d126bd18eb66bd419005c5550218affected
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < 59c7ed20217c0939862fbf8145bc49d5b3a13f4faffected
LinuxLinuxa1b0b9415817c14d207921582f269d03f848b69f < 110b43ef05342d5a11284cc8b21582b698b4ef1caffected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.78 <= 6.6.*unaffected
LinuxLinux6.12.14 <= 6.12.*unaffected
LinuxLinux6.13.3 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References