CVE-2025-21743
Published: 27 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move the wDatagramIndex term to the other side of the inequality. An existing condition ensures that wDatagramIndex < urb->actual_length.
Security Summary
CVE-2025-21743 is a vulnerability in the Linux kernel's usbnet ipheth driver, where the DPE length check could overflow if wDatagramIndex + wDatagramLength exceeded U16_MAX, potentially leading to an out-of-bounds read. An existing condition ensures wDatagramIndex is less than urb->actual_length, but the original check did not properly prevent the overflow. The issue is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 7.1.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could result in high-impact confidentiality loss through kernel memory disclosure via the out-of-bounds read, as well as high-impact availability disruption, such as denial of service from a kernel crash, while integrity impact remains none.
Mitigation involves applying the kernel patches provided in the referenced stable commits, including 18bf6f5cce3172cb303c3f0551aa9443d5ed74f8, c219427ed296f94bb4b91d08626776dc7719ee27, d677e7dd59ad6837496f5a02d8e5d39824278dfd, and d824a964185910e317287f034c0a439c08b4fe49, which fix the check by moving the wDatagramIndex term to the other side of the inequality. Security practitioners should update affected Linux kernel versions accordingly.
Details
- CWE(s)