PT-2025-8906 · Linux+3 · Linux Kernel+3

Syzbot

Published

2025-02-05

Updated

2025-06-12

CVE-2025-21794

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A stack-out-of-bounds read issue was found in the hid-thrustmaster driver of the Linux kernel. The usb check int endpoints() function, located in the usb.c core driver, iterates over the elements of the ep addr array. If a null element is not found at the end of the array, it attempts to read the next, non-existent element, potentially crashing the kernel. The issue was detected by Syzbot.

Recommendations To fix this issue, a null element (0) was added at the end of the ep addr array to prevent the out-of-bounds read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

AZL-57764

BDU:2025-11876

CVE-2025-21794

DLA-4102-1

OPENSUSE-SU-2025_1177-1

OPENSUSE-SU-2025_1178-1

OPENSUSE-SU-2025_1180-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:1177-1

SUSE-SU-2025:1178-1

SUSE-SU-2025:1180-1

SUSE-SU-2025:20190-1

SUSE-SU-2025:20192-1

SUSE-SU-2025:20260-1

SUSE-SU-2025:20270-1

SUSE-SU-2025_1177-1

SUSE-SU-2025_1178-1

SUSE-SU-2025_1180-1

Affected Products

Astra Linux

Debian

Linux Kernel

Suse

PT-2025-8906 · Linux+3 · Linux Kernel+3

CVE-2025-21794

Weakness Enumeration

Related Identifiers

Affected Products

References · 1212