PT-2025-7541 · Linux+7 · Linux Kernel+7
Jann Horn
·
Published
2025-02-14
·
Updated
2026-04-20
·
CVE-2025-21704
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the version that includes the fix for this issue
Description
A memory corruption issue exists due to incorrect handling of control transfer buffer sizes in the usb: cdc-acm module. When the first fragment is shorter than struct usb cdc notification, it leads to an error and potential memory corruption. This issue is mitigated by the fact that the vulnerable function can only execute after userspace has opened /dev/ttyACM*, but ModemManager can automatically open this interface depending on the USB device's configuration.
Recommendations
For Linux kernel versions prior to the fixed version, consider disabling the usb: cdc-acm module or restricting access to /dev/ttyACM* until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu