CVE-2025-21916

Published Apr 1, 2025

Last updated 6 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 ("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")). While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient number of endpoints of correct types - one needs to check the endpoint's address as well. Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind, switch the endpoint verification approach to usb_check_XXX_endpoints() instead to fix incomplete ep testing. [1] Syzbot report: usb 5-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline] cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396 really_probe+0x2b9/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 ...
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Modified
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CVE-2025-21916 In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in … https://t.co/3ZT9SRuDHS
@CVEnew
2 Apr 2025
178 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DBCC7CEA-15C0-47C4-8D3B-10F7FF0BEBA3",
            "versionEndExcluding": "4.20",
            "versionStartIncluding": "4.19.317",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "11E1BD30-3F97-4B56-AD8B-8751ED8233DD",
            "versionEndExcluding": "5.4.291",
            "versionStartIncluding": "5.4.279",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9ADA7F30-C6AB-44C5-9C83-366990952EDC",
            "versionEndExcluding": "5.10.235",
            "versionStartIncluding": "5.10.221",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1288D06-ABD9-47BA-AFEB-6A9D2807184C",
            "versionEndExcluding": "5.15.179",
            "versionStartIncluding": "5.15.162",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D11897AA-E2F8-40BC-98C0-6383FEF2E533",
            "versionEndExcluding": "6.1.131",
            "versionStartIncluding": "6.1.97",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "22711759-DA6C-40DE-827E-415E75B86CF2",
            "versionEndExcluding": "6.6.83",
            "versionStartIncluding": "6.6.37",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7CD11465-AFC4-428F-A933-C8F6486DDC2F",
            "versionEndExcluding": "6.10",
            "versionStartIncluding": "6.9.8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1F265CB5-9202-4B16-ACEA-45BEDFBF2FBF",
            "versionEndExcluding": "6.12.19",
            "versionStartIncluding": "6.10.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "842F5A44-3E71-4546-B4FD-43B0ACE3F32B",
            "versionEndExcluding": "6.13.7",
            "versionStartIncluding": "6.13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*",
            "matchCriteriaId": "9EA80796-744E-45F5-8632-2AB4F7889FCD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:*",
            "matchCriteriaId": "11AF4CB9-F697-4EA4-8903-8F9417EFDA8E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References