{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21689", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.741Z", "datePublished": "2025-02-10T15:58:45.493Z", "dateUpdated": "2025-02-10T15:58:45.493Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-10T15:58:45.493Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport > serial->num_ports) {\n dev_err(&port->dev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn't account for the valid range of the serial->port\nbuffer, which is from 0 to serial->num_ports - 1. When newport is equal\nto serial->num_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv->current_port = newport;\n port = serial->port[serial_priv->current_port];\n\nThe fix checks if newport is greater than or equal to serial->num_ports\nindicating it is out-of-bounds."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/serial/quatech2.c"], "versions": [{"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "fa4c7472469d97c4707698b4c0e098f8cfc2bf22", "status": "affected", "versionType": "git"}, {"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "94770cf7c5124f0268d481886829dc2beecc4507", "status": "affected", "versionType": "git"}, {"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe", "status": "affected", "versionType": "git"}, {"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "4b9b41fabcd38990f69ef0cee9c631d954a2b530", "status": "affected", "versionType": "git"}, {"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "6377838560c03b36e1153a42ef727533def9b68f", "status": "affected", "versionType": "git"}, {"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "f371471708c7d997f763b0e70565026eb67cc470", "status": "affected", "versionType": "git"}, {"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "8542b33622571f54dfc2a267fce378b6e3840b8b", "status": "affected", "versionType": "git"}, {"version": "f7a33e608d9ae022b7f49307921627e34e9484ed", "lessThan": "575a5adf48b06a2980c9eeffedf699ed5534fade", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/serial/quatech2.c"], "versions": [{"version": "3.5", "status": "affected"}, {"version": "0", "lessThan": "3.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.290", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.234", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.178", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.128", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.75", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.12", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.1", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22"}, {"url": "https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507"}, {"url": "https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe"}, {"url": "https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530"}, {"url": "https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f"}, {"url": "https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470"}, {"url": "https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b"}, {"url": "https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade"}], "title": "USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C332DF00-BEC8-45B0-8795-4706DA6CBD65", "versionEndExcluding": "5.4.290", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F732162B-ED7E-4367-A5C2-B24FD9B0D33B", "versionEndExcluding": "5.10.234", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "171159A1-9827-4C7B-821D-55398B837C49", "versionEndExcluding": "5.15.178", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDB5047C-0330-407A-BE1B-513B5BF304DE", "versionEndExcluding": "6.1.128", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8D39B53-7390-48BE-92FD-8846BE8E8430", "versionEndExcluding": "6.6.75", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B04C243A-753B-49A9-87C7-92FCC1425FB7", "versionEndExcluding": "6.12.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*", "matchCriteriaId": "5A3F9505-6B98-4269-8B81-127E55A1BF00", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*", "matchCriteriaId": "5DFCDFB8-4FD0-465A-9076-D813D78FE51B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport > serial->num_ports) {\n dev_err(&port->dev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn't account for the valid range of the serial->port\nbuffer, which is from 0 to serial->num_ports - 1. When newport is equal\nto serial->num_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv->current_port = newport;\n port = serial->port[serial_priv->current_port];\n\nThe fix checks if newport is greater than or equal to serial->num_ports\nindicating it is out-of-bounds."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: serial: quatech2: arreglo de null-ptr-deref en qt2_process_read_urb() Este parche soluciona un null-ptr-deref en qt2_process_read_urb() debido a una comprobaci\u00f3n de los l\u00edmites incorrecta en lo siguiente: if (newport > serial->num_ports) { dev_err(&port->dev, \"%s - port change to invalid port: %i\\n\", __func__, newport); break; } La condici\u00f3n no tiene en cuenta el rango v\u00e1lido del b\u00fafer serial->port, que es de 0 a serial->num_ports - 1. Cuando newport es igual a serial->num_ports, la asignaci\u00f3n de \"port\" en el siguiente c\u00f3digo est\u00e1 fuera de los l\u00edmites y es NULL: serial_priv->current_port = newport; port = serial->port[serial_priv->current_port]; La soluci\u00f3n verifica si newport es mayor o igual que serial->num_ports, lo que indica que est\u00e1 fuera de los l\u00edmites."}], "id": "CVE-2025-21689", "lastModified": "2025-02-21T16:36:30.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-10T16:15:38.447", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()", "id": "2344683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344683"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\nif (newport > serial->num_ports) {\ndev_err(&port->dev,\n\"%s - port change to invalid port: %i\\n\",\n__func__, newport);\nbreak;\n}\nThe condition doesn't account for the valid range of the serial->port\nbuffer, which is from 0 to serial->num_ports - 1. When newport is equal\nto serial->num_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\nserial_priv->current_port = newport;\nport = serial->port[serial_priv->current_port];\nThe fix checks if newport is greater than or equal to serial->num_ports\nindicating it is out-of-bounds.", "A flaw was found in the quatech2 module in the Linux kernel. An incorrect check for invalid port numbers can cause a NULL pointer dereference and result in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-21689", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21689\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21689\nhttps://lore.kernel.org/linux-cve-announce/2025021055-CVE-2025-21689-7ffe@gregkh/T"], "threat_severity": "Moderate"}