CVE-2025-21877

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A vulnerability in the Linux kernel has been resolved, related to the gl620a driver in the usbnet module. The issue arises from inconsistencies between expected and actually present endpoints, which can lead to a mismatch. This is caused by the genelink bind() function not properly verifying whether specified endpoints are provided by the device. The problem is fixed by using the usbnet get endpoints() function to check for endpoints and return early if any are missing.

Recommendations For Linux kernel versions prior to the fixed version, update to a version that includes the fix for the endpoint checking issue in the gl620a driver. As a temporary workaround, consider disabling the use of the gl620a driver until a patch is available. Restrict access to the vulnerable usbnet module to minimize the risk of exploitation.