Executive Summary

Informations
Name CVE-2025-21877 First vendor Publication 2025-03-27
Vendor Cve Last vendor Modification 2025-03-27

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

usbnet: gl620a: fix endpoint checking in genelink_bind()

Syzbot reports [1] a warning in usb_submit_urb() triggered by inconsistencies between expected and actually present endpoints in gl620a driver. Since genelink_bind() does not properly verify whether specified eps are in fact provided by the device, in this case, an artificially manufactured one, one may get a mismatch.

Fix the issue by resorting to a usbnet utility function usbnet_get_endpoints(), usually reserved for this very problem. Check for endpoints and return early before proceeding further if any are missing.

[1] Syzbot report: usb 5-1: Manufacturer: syz usb 5-1: SerialNumber: syz usb 5-1: config 0 descriptor?? gl620a 5-1:0.23 usb0: register 'gl620a' at usb-dummy_hcd.0-1, ... ------------[ cut here ]------------ usb 5-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503 Modules linked in: CPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: mld mld_ifc_work RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503 ... Call Trace:

usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467
__netdev_start_xmit include/linux/netdevice.h:5002 [inline]
netdev_start_xmit include/linux/netdevice.h:5011 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606
sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343
__dev_xmit_skb net/core/dev.c:3827 [inline]
__dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400
dev_queue_xmit include/linux/netdevice.h:3168 [inline]
neigh_resolve_output net/core/neighbour.c:1514 [inline]
neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494
neigh_output include/net/neighbour.h:539 [inline]
ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141
__ip6_finish_output net/ipv6/ip6_output.c:215 [inline]
ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247
dst_output include/net/dst.h:450 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
NF_HOOK include/linux/netfilter.h:308 [inline]
mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819
mld_send_cr net/ipv6/mcast.c:2120 [inline]
mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21877

Sources (Detail)

https://git.kernel.org/stable/c/1cf9631d836b289bd5490776551961c883ae8a4f
https://git.kernel.org/stable/c/24dd971104057c8828d420a48e0a5af6e6f30d3e
https://git.kernel.org/stable/c/4e8b8d43373bf837be159366f0192502f97ec7a5
https://git.kernel.org/stable/c/5f2dbabbce04b1ffcd6d8d07564adb94db577536
https://git.kernel.org/stable/c/67ebc3391c8377738e97a43374054d9718fdb6e4
https://git.kernel.org/stable/c/9bcb8cbc3e5d67eb223bfb7e2291a270dbb699dc
https://git.kernel.org/stable/c/a2ee5e55b50a97d13617c8653482c0ad4decff8c
https://git.kernel.org/stable/c/ded25730c96949cb8b048b29c557e38569124943
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
Date Informations
2025-04-21 05:53:06
  • Multiple Updates
2025-04-21 05:52:40
  • Multiple Updates
2025-04-20 14:17:25
  • Multiple Updates
2025-04-20 14:17:11
  • Multiple Updates
2025-04-20 07:31:08
  • Multiple Updates
2025-04-20 07:30:49
  • Multiple Updates
2025-04-19 14:17:42
  • Multiple Updates
2025-04-19 14:17:27
  • Multiple Updates
2025-04-19 06:17:29
  • Multiple Updates
2025-04-19 06:17:15
  • Multiple Updates
2025-04-18 16:36:05
  • Multiple Updates
2025-04-18 16:35:52
  • Multiple Updates
2025-04-18 03:17:53
  • Multiple Updates
2025-04-18 03:17:37
  • Multiple Updates
2025-04-17 14:17:17
  • Multiple Updates
2025-04-17 14:17:03
  • Multiple Updates
2025-04-17 06:47:43
  • Multiple Updates
2025-04-17 06:47:26
  • Multiple Updates
2025-04-16 14:22:57
  • Multiple Updates
2025-04-16 14:22:43
  • Multiple Updates
2025-04-16 07:05:38
  • Multiple Updates
2025-04-16 07:05:23
  • Multiple Updates
2025-04-15 14:18:48
  • Multiple Updates
2025-04-15 14:18:33
  • Multiple Updates
2025-04-15 05:10:11
  • Multiple Updates
2025-04-15 05:09:57
  • Multiple Updates
2025-04-14 15:57:27
  • Multiple Updates
2025-04-14 15:57:14
  • Multiple Updates
2025-04-14 04:56:53
  • Multiple Updates
2025-04-14 04:56:05
  • Multiple Updates
2025-04-13 15:25:10
  • Multiple Updates
2025-04-13 15:24:56
  • Multiple Updates
2025-04-13 03:26:21
  • Multiple Updates
2025-04-13 03:26:06
  • Multiple Updates
2025-04-12 14:17:24
  • Multiple Updates
2025-04-12 14:17:11
  • Multiple Updates
2025-04-12 04:33:23
  • Multiple Updates
2025-04-12 04:32:58
  • Multiple Updates
2025-04-11 14:45:03
  • Multiple Updates
2025-04-11 14:44:49
  • Multiple Updates
2025-04-11 03:25:15
  • Multiple Updates
2025-04-11 03:25:01
  • Multiple Updates
2025-04-10 14:19:48
  • Multiple Updates
2025-04-10 14:19:34
  • Multiple Updates
2025-04-10 03:35:25
  • Multiple Updates
2025-04-10 03:35:09
  • Multiple Updates
2025-04-09 14:19:35
  • Multiple Updates
2025-04-09 14:19:21
  • Multiple Updates
2025-04-09 03:20:46
  • Multiple Updates
2025-04-09 03:20:32
  • Multiple Updates
2025-04-08 14:16:11
  • Multiple Updates
2025-04-08 14:15:58
  • Multiple Updates
2025-04-08 03:22:07
  • Multiple Updates
2025-04-08 03:21:53
  • Multiple Updates
2025-04-07 14:15:29
  • Multiple Updates
2025-04-07 14:15:15
  • Multiple Updates
2025-04-07 03:16:16
  • Multiple Updates
2025-04-07 03:16:02
  • Multiple Updates
2025-04-06 14:15:20
  • Multiple Updates
2025-04-06 14:15:06
  • Multiple Updates
2025-04-06 03:17:39
  • Multiple Updates
2025-04-06 03:17:25
  • Multiple Updates
2025-04-05 14:18:49
  • Multiple Updates
2025-04-05 14:18:35
  • Multiple Updates
2025-04-05 03:22:35
  • Multiple Updates
2025-04-05 03:22:21
  • Multiple Updates
2025-04-04 14:16:56
  • Multiple Updates
2025-04-04 14:16:42
  • Multiple Updates
2025-04-04 03:15:49
  • Multiple Updates
2025-04-04 03:15:35
  • Multiple Updates
2025-04-03 15:09:52
  • Multiple Updates
2025-04-03 15:09:32
  • Multiple Updates
2025-04-03 03:14:52
  • Multiple Updates
2025-04-03 03:14:38
  • Multiple Updates
2025-04-02 14:15:32
  • Multiple Updates
2025-04-02 14:15:19
  • Multiple Updates
2025-04-02 03:15:44
  • Multiple Updates
2025-04-02 03:15:30
  • Multiple Updates
2025-04-01 14:15:21
  • Multiple Updates
2025-04-01 14:15:07
  • Multiple Updates
2025-03-31 17:20:34
  • Multiple Updates
2025-03-27 17:20:57
  • First insertion