CVE-2025-21794
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from hid-thrustmaster driver. This array is passed to usb_check_int_endpoints function from usb.c core driver, which executes a for loop that iterates over the elements of the passed array. Not finding a null element at the end of the array, it tries to read the next, non-existent element, crashing the kernel.
To fix this, a 0 element was added at the end of the array to break the for loop.
[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 220883fba32549a34f0734e4859d07f4dcd56992 < 436f48c864186e9413d1b7c6e91767cc9e1a65b8 | affected |
| Linux | Linux | ae730deded66150204c494282969bfa98dc3ae67 < f3ce05283f6cb6e19c220f5382def43dc5bd56b9 | affected |
| Linux | Linux | e5bcae4212a6a4b4204f46a1b8bcba08909d2007 < cdd9a1ea23ff1a272547217100663e8de4eada40 | affected |
| Linux | Linux | 816e84602900f7f951458d743fa12769635ebfd5 < 73e36a699b9f46322ffb81f072a24e64f728dba7 | affected |
| Linux | Linux | 50420d7c79c37a3efe4010ff9b1bb14bc61ebccf < 0b43d98ff29be3144e86294486b1373b5df74c0e | affected |
| Linux | Linux | 6.6.76 < 6.6.79 | affected |
| Linux | Linux | 6.12.13 < 6.12.16 | affected |
| Linux | Linux | 6.13.2 < 6.13.4 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/436f48c864186e9413d1b7c6e91767cc9e1a65b8
- https://git.kernel.org/stable/c/f3ce05283f6cb6e19c220f5382def43dc5bd56b9
- https://git.kernel.org/stable/c/cdd9a1ea23ff1a272547217100663e8de4eada40
- https://git.kernel.org/stable/c/73e36a699b9f46322ffb81f072a24e64f728dba7
- https://git.kernel.org/stable/c/0b43d98ff29be3144e86294486b1373b5df74c0e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.