Cyber Posture

CVE-2025-21741

Severity: High
Published: 27 February 2025
Modified: 01 October 2025
KEV Added: none listed
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0001 (1.2th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

usbnet: ipheth: fix DPE OoB read

Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header.

Security Summary

CVE-2025-21741 is an out-of-bounds read (CWE-125) in ipheth, the usbnet-based Linux kernel driver for USB tethering to Apple iPhones. When the driver parses a received CDC NCM transfer block it locates the NDP16 (NCM Datagram Pointer, 16-bit) and walks its DPEs (Datagram Pointer Entries, each a datagram index and length) until it reaches the zero entry that terminates the list. The driver expects an NDP16 of fixed size, but the walk was not bounded by that size, so a device that fills every entry with non-zero values drives the loop past the end of the NDP16 and reads memory beyond it. The affected kernel ranges are listed under Affected Products below (the driver's NCM receive path arrived in 6.5); the CVSS v3.1 base score is 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

The malformed data arrives in the bulk-in transfer from the attached USB device, so in practice the attacker controls the device side: a malicious or compromised device that enumerates as an iPhone and is connected to the host. The CVSS vector scores this as local access with low privileges (AV:L/PR:L) and no user interaction; there is no network exposure. Per the vector, successful exploitation yields high confidentiality impact, since the driver consumes out-of-bounds kernel memory as datagram pointers (C:H), and high availability impact, since a read that runs off the allocation can oops the kernel (A:H); integrity is not affected (I:N).

Mitigation is to update to a kernel that carries the fix. The upstream commit and its stable backports are: https://git.kernel.org/stable/c/22475242ddb70e35c9148234be9a3aa9fb8efff9, https://git.kernel.org/stable/c/5835bf66c50ac2b85ed28b282c2456c3516ef0a6, https://git.kernel.org/stable/c/971b8c572559e52d32a2b82f2d9e0685439a0117, and https://git.kernel.org/stable/c/ee591f2b281721171896117f9946fced31441418. The fix limits the DPE walk to the number of entries that fit in the fixed-size NDP16 header, so the loop can no longer run past it. To check a host, compare the running kernel (uname -r) against the ranges listed under Affected Products, or confirm that the distribution's kernel package changelog names this CVE. On hosts that never tether to an iPhone, preventing the ipheth module from loading (a modprobe.d blacklist entry) removes the attack surface until the update is applied; this is a general hardening step, not part of the upstream fix.
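The following C program is an added example; it is not code from the Linux kernel or from this advisory. It models the receive-side parse described above using the CDC NCM 1.0 wire structures (NTH16, NDP16, DPE16, all little-endian) and a hypothetical fixed-size header that holds at most MAX_DPE entries (22 is an assumed value, as are the function names). It feeds a constructed transfer block, in which every DPE slot is non-zero and the bytes after the header also parse as non-zero entries, to an unbounded walk of the kind the fix removes and to a bounded walk of the kind the fix introduces, and counts how many entries each one processes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CDC NCM 1.0 wire format (spec values, little-endian). */
#define NCM_NTH16_SIGN        0x484D434Eu   /* "NCMH" */
#define NCM_NDP16_NOCRC_SIGN  0x304D434Eu   /* "NCM0" */
#define NTH16_SIZE            12  /* dwSignature, wHeaderLength, wSequence, wBlockLength, wNdpIndex */
#define NDP16_HDR_SIZE        8   /* dwSignature, wLength, wNextNdpIndex */
#define DPE16_SIZE            4   /* wDatagramIndex, wDatagramLength */

/* Assumed receive-side layout: one NTH16 followed by one NDP16 with at most
 * MAX_DPE entries. MAX_DPE = 22 is an assumption made for this example. */
#define MAX_DPE      22
#define HEADER_SIZE  (NTH16_SIZE + NDP16_HDR_SIZE + MAX_DPE * DPE16_SIZE)  /* 108 */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Header checks shared by both walkers. Returns the NDP16 offset, or -1 if the
 * transfer is too short, a signature is wrong, or a full fixed-size NDP16 does
 * not fit inside the received bytes. */
static long locate_ndp16(const uint8_t *buf, size_t actual_len)
{
    if (actual_len < HEADER_SIZE || rd32(buf) != NCM_NTH16_SIGN)
        return -1;
    size_t hdr_len = rd16(buf + 4);
    size_t ndp_off = rd16(buf + 10);
    if (ndp_off + NDP16_HDR_SIZE + MAX_DPE * DPE16_SIZE > actual_len)
        return -1;
    if (rd32(buf + ndp_off) != NCM_NDP16_NOCRC_SIGN)
        return -1;
    if (hdr_len + rd16(buf + ndp_off + 4) > actual_len)   /* NDP16 wLength must fit */
        return -1;
    return (long)ndp_off;
}

/* Vulnerable pattern: the loop ends only at a zero entry, so a sender that
 * makes every slot non-zero pushes it past the NDP16 into whatever follows. */
static int count_dpes_unbounded(const uint8_t *buf, size_t actual_len)
{
    long ndp_off = locate_ndp16(buf, actual_len);
    if (ndp_off < 0)
        return -1;
    const uint8_t *dpe = buf + ndp_off + NDP16_HDR_SIZE;
    int n = 0;
    while (rd16(dpe) != 0 && rd16(dpe + 2) != 0) {
        n++;
        dpe += DPE16_SIZE;
    }
    return n;
}

/* Fixed pattern: never process more entries than the fixed-size NDP16 holds,
 * and reject any datagram that does not lie inside the received bytes. */
static int count_dpes_bounded(const uint8_t *buf, size_t actual_len)
{
    long ndp_off = locate_ndp16(buf, actual_len);
    if (ndp_off < 0)
        return -1;
    const uint8_t *dpe = buf + ndp_off + NDP16_HDR_SIZE;
    int n = 0;
    for (int i = 0; i < MAX_DPE; i++, dpe += DPE16_SIZE) {
        uint16_t idx = rd16(dpe), len = rd16(dpe + 2);
        if (idx == 0 || len == 0)
            break;                           /* list terminator */
        if ((size_t)idx + len > actual_len)
            return -1;                       /* datagram outside the transfer */
        n++;
    }
    return n;
}

/* Constructed hostile transfer (not captured device traffic): all MAX_DPE slots
 * are non-zero and the datagram area after the header is 0x41-filled, so it also
 * parses as non-zero entries. A zero entry is planted only at the very end of the
 * arena to keep this demo itself in bounds; a real device need not supply one
 * before the driver's buffer ends, which is the out-of-bounds read. */
#define ARENA_LEN 256
static void build_crafted_ntb(uint8_t *arena)
{
    memset(arena, 0x41, ARENA_LEN);
    wr32(arena + 0, NCM_NTH16_SIGN);
    wr16(arena + 4, NTH16_SIZE);                 /* wHeaderLength */
    wr16(arena + 6, 1);                          /* wSequence */
    wr16(arena + 8, ARENA_LEN);                  /* wBlockLength */
    wr16(arena + 10, NTH16_SIZE);                /* wNdpIndex: NDP16 right after NTH16 */
    uint8_t *ndp = arena + NTH16_SIZE;
    wr32(ndp, NCM_NDP16_NOCRC_SIGN);
    wr16(ndp + 4, NDP16_HDR_SIZE + MAX_DPE * DPE16_SIZE);   /* wLength = 96 */
    wr16(ndp + 6, 0);                            /* wNextNdpIndex: none */
    for (int i = 0; i < MAX_DPE; i++) {
        wr16(ndp + NDP16_HDR_SIZE + i * DPE16_SIZE, HEADER_SIZE);   /* datagram index */
        wr16(ndp + NDP16_HDR_SIZE + i * DPE16_SIZE + 2, 1);         /* datagram length */
    }
    memset(arena + ARENA_LEN - DPE16_SIZE, 0, DPE16_SIZE);
}

/* Runs one walker over the crafted transfer, reporting actual_len received bytes;
 * bounded != 0 selects the fixed walker. */
static int demo_count(int bounded, size_t actual_len)
{
    uint8_t arena[ARENA_LEN];
    build_crafted_ntb(arena);
    return bounded ? count_dpes_bounded(arena, actual_len)
                   : count_dpes_unbounded(arena, actual_len);
}

int main(void)
{
    printf("unbounded walk processed %d DPEs (NDP16 holds %d)\n", demo_count(0, ARENA_LEN), MAX_DPE);
    printf("bounded walk processed   %d DPEs\n", demo_count(1, ARENA_LEN));
    printf("bounded walk, 108-byte transfer: %d (datagram out of range)\n", demo_count(1, HEADER_SIZE));
    return 0;
}
```

The unbounded walk processes 58 entries, 36 of them read from outside the NDP16; in the driver those bytes are whatever follows the header in memory, with no terminator guaranteed before the buffer ends. The bounded walk stops at 22. Two caveats matter in practice: the entry bound is only sound because locate_ndp16 first verifies that a whole fixed-size NDP16 fits in the received bytes (a bound without that check still permits reads past a short transfer), and the per-entry range check is what catches a datagram pointer that points outside the transfer, as the 108-byte case shows, which a count limit alone does not.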

Details

CWE(s)
CWE-125

Affected Products

linux
linux kernel
6.5 — 6.6.78 · 6.7 — 6.12.14 · 6.13 — 6.13.3

References