#VU103925 Input validation error in Linux kernel - CVE-2025-21698
Published: February 12, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU103925
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-21698
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gserial_disconnect() function in drivers/usb/gadget/function/u_serial.c.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/086fd062bc3883ae1ce4166cff5355db315ad879
- https://git.kernel.org/stable/c/20ce02f2f73af331dec76d3b8b78b18f4699db05
- https://git.kernel.org/stable/c/33233b06ad15730d0463e8f152db2eca15c7f498
- https://git.kernel.org/stable/c/3d8f4dc8c78ffd77a4106614977c1e51531690f7
- https://git.kernel.org/stable/c/76e7577bb89b327abdf72d4c0d486074a17f712a
- https://git.kernel.org/stable/c/99c866bea85efdebfb6953a8a305f21ef5ca4991
- https://git.kernel.org/stable/c/bb50dc2aa49dcb5cc81205d814c08337b5da28ac
- https://git.kernel.org/stable/c/f8b8883ad76d36ee890b18311096af7af7d7a921
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.1