PT-2025-6062 · Linux+8 · Linux Kernel+8
Syzbot
·
Published
2025-01-13
·
Updated
2025-10-03
·
CVE-2025-21689
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A null-ptr-deref issue has been resolved in the Linux kernel, specifically in the quatech2 USB serial driver. The issue arises from an incorrect bounds check in the
qt2 process read urb() function, which fails to account for the valid range of the serial->port buffer. When newport is equal to serial->num ports, the assignment of "port" is out-of-bounds and NULL. The fix checks if newport is greater than or equal to serial->num ports, indicating it is out-of-bounds.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu