CVE-2025-21735
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
27/02/2025
Last modified:
13/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

NFC: nci: Add bounds checking in nci_hci_create_pipe()

The "pipe" variable is a u8 which comes from the network. If it's more
than 127, then it results in memory corruption in the caller,
nci_hci_connect_gate().
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4 (including) | 6.1.129 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.78 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.14 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.3 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/10b3f947b609713e04022101f492d288a014ddfa
- https://git.kernel.org/stable/c/110b43ef05342d5a11284cc8b21582b698b4ef1c
- https://git.kernel.org/stable/c/172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e
- https://git.kernel.org/stable/c/2ae4bade5a64d126bd18eb66bd419005c5550218
- https://git.kernel.org/stable/c/59c7ed20217c0939862fbf8145bc49d5b3a13f4f
- https://git.kernel.org/stable/c/674e17c5933779a8bf5c15d596fdfcb5ccdebbc2
- https://git.kernel.org/stable/c/bd249109d266f1d52548c46634a15b71656e0d44
- https://git.kernel.org/stable/c/d5a461c315e5ff92657f84d8ba50caa5abf5c22a