CVE-2025-21689

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()<br /> <br /> This patch addresses a null-ptr-deref in qt2_process_read_urb() due to<br /> an incorrect bounds check in the following:<br /> <br /> if (newport &gt; serial-&gt;num_ports) {<br /> dev_err(&amp;port-&gt;dev,<br /> "%s - port change to invalid port: %i\n",<br /> __func__, newport);<br /> break;<br /> }<br /> <br /> The condition doesn&amp;#39;t account for the valid range of the serial-&gt;port<br /> buffer, which is from 0 to serial-&gt;num_ports - 1. When newport is equal<br /> to serial-&gt;num_ports, the assignment of "port" in the<br /> following code is out-of-bounds and NULL:<br /> <br /> serial_priv-&gt;current_port = newport;<br /> port = serial-&gt;port[serial_priv-&gt;current_port];<br /> <br /> The fix checks if newport is greater than or equal to serial-&gt;num_ports<br /> indicating it is out-of-bounds.