CVE-2025-21742

usbnet: ipheth: use static NDP16 location in URB

Description

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the `wNdpIndex` value in NTH16. Only the start position of NDP16 was checked, so it was possible for even the fixed-length part of NDP16 to extend past the end of URB, leading to an out-of-bounds read. On iOS devices, the NDP16 header always directly follows NTH16. Rely on and check for this specific format. This, along with NCM-specific minimal URB length check that already exists, will ensure that the fixed-length part of NDP16 plus a set amount of DPEs fit within the URB. Note that this commit alone does not fully address the OoB read. The limit on the amount of DPEs needs to be enforced separately.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8fb062178e1ce180e2cfdc9abc83a1b9fea381ca patch
https://git.kernel.org/stable/c/cf1ac7f7cf601ac31d1580559c002b5e37b733b7 patch
https://git.kernel.org/stable/c/2b619445dcb6dab97d8ed033fb57225aca1288c4 patch
https://git.kernel.org/stable/c/86586dcb75cb8fd062a518aca8ee667938b91efb patch

Frequently Asked Questions

What is the severity of CVE-2025-21742?
CVE-2025-21742 has been scored as a high severity vulnerability.
How to fix CVE-2025-21742?
To fix CVE-2025-21742, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21742 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21742 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21742?
CVE-2025-21742 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.