fkie_cve-2025-21689
Vulnerability from fkie_nvd
Published
2025-02-10 16:15
Modified
2025-11-03 21:19
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
This patch addresses a null-ptr-deref in qt2_process_read_urb() due to
an incorrect bounds check in the following:
if (newport > serial->num_ports) {
dev_err(&port->dev,
"%s - port change to invalid port: %i\n",
__func__, newport);
break;
}
The condition doesn't account for the valid range of the serial->port
buffer, which is from 0 to serial->num_ports - 1. When newport is equal
to serial->num_ports, the assignment of "port" in the
following code is out-of-bounds and NULL:
serial_priv->current_port = newport;
port = serial->port[serial_priv->current_port];
The fix checks if newport is greater than or equal to serial->num_ports
indicating it is out-of-bounds.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C332DF00-BEC8-45B0-8795-4706DA6CBD65",
"versionEndExcluding": "5.4.290",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F732162B-ED7E-4367-A5C2-B24FD9B0D33B",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "171159A1-9827-4C7B-821D-55398B837C49",
"versionEndExcluding": "5.15.178",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB5047C-0330-407A-BE1B-513B5BF304DE",
"versionEndExcluding": "6.1.128",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D39B53-7390-48BE-92FD-8846BE8E8430",
"versionEndExcluding": "6.6.75",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B04C243A-753B-49A9-87C7-92FCC1425FB7",
"versionEndExcluding": "6.12.12",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*",
"matchCriteriaId": "5A3F9505-6B98-4269-8B81-127E55A1BF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*",
"matchCriteriaId": "5DFCDFB8-4FD0-465A-9076-D813D78FE51B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: serial: quatech2: arreglo de null-ptr-deref en qt2_process_read_urb() Este parche soluciona un null-ptr-deref en qt2_process_read_urb() debido a una comprobaci\u00f3n de los l\u00edmites incorrecta en lo siguiente: if (newport \u0026gt; serial-\u0026gt;num_ports) { dev_err(\u0026amp;port-\u0026gt;dev, \"%s - port change to invalid port: %i\\n\", __func__, newport); break; } La condici\u00f3n no tiene en cuenta el rango v\u00e1lido del b\u00fafer serial-\u0026gt;port, que es de 0 a serial-\u0026gt;num_ports - 1. Cuando newport es igual a serial-\u0026gt;num_ports, la asignaci\u00f3n de \"port\" en el siguiente c\u00f3digo est\u00e1 fuera de los l\u00edmites y es NULL: serial_priv-\u0026gt;current_port = newport; port = serial-\u0026gt;port[serial_priv-\u0026gt;current_port]; La soluci\u00f3n verifica si newport es mayor o igual que serial-\u0026gt;num_ports, lo que indica que est\u00e1 fuera de los l\u00edmites."
}
],
"id": "CVE-2025-21689",
"lastModified": "2025-11-03T21:19:08.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-10T16:15:38.447",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…