#VU103742 Out-of-bounds read in Linux kernel - CVE-2025-21689
Published: February 10, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU103742
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-21689
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530
- https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade
- https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe
- https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f
- https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b
- https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507
- https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470
- https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.290