CVE-2025-21689

USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to
an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i
", __func__, newport); break; } The condition doesn't account for the valid range of the serial->port
buffer, which is from 0 to serial->num_ports - 1. When newport is equal
to serial->num_ports, the assignment of "port" in the
following code is out-of-bounds and NULL: serial_priv->current_port = newport; port = serial->port[serial_priv->current_port]; The fix checks if newport is greater than or equal to serial->num_ports
indicating it is out-of-bounds.

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i
", __func__, newport); break; } The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. When newport is equal to serial->num_ports, the assignment of "port" in the following code is out-of-bounds and NULL: serial_priv->current_port = newport; port = serial->port[serial_priv->current_port]; The fix checks if newport is greater than or equal to serial->num_ports indicating it is out-of-bounds.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-02-10 CVE Published
2025-02-10 CVE Updated
2025-02-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/f7a33e608d9ae022b7f49307921627e34e9484ed	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22	2025-02-01
https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507	2025-02-01
https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe	2025-02-01
https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530	2025-02-01
https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f	2025-02-01
https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470	2025-02-01
https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b	2025-02-01
https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade	2025-01-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.4.290 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.4.290"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.10.234 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.10.234"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.15.178 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.15.178"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 6.1.128 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 6.1.128"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 6.6.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 6.6.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 6.12.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 6.12.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 6.13.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 6.13.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 6.14-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 6.14-rc1"		en		Affected