| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022610-CVE-2025-21794-ddde@gregkh> Date: Wed, 26 Feb 2025 18:17:50 -0800 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-21794: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Description =========== In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from hid-thrustmaster driver. This array is passed to usb_check_int_endpoints function from usb.c core driver, which executes a for loop that iterates over the elements of the passed array. Not finding a null element at the end of the array, it tries to read the next, non-existent element, crashing the kernel. To fix this, a 0 element was added at the end of the array to break the for loop. [1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad The Linux kernel CVE team has assigned CVE-2025-21794 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.76 with commit ae730deded66150204c494282969bfa98dc3ae67 and fixed in 6.6.79 with commit f3ce05283f6cb6e19c220f5382def43dc5bd56b9 Issue introduced in 6.12.13 with commit e5bcae4212a6a4b4204f46a1b8bcba08909d2007 and fixed in 6.12.16 with commit cdd9a1ea23ff1a272547217100663e8de4eada40 Issue introduced in 6.13.2 with commit 816e84602900f7f951458d743fa12769635ebfd5 and fixed in 6.13.4 with commit 73e36a699b9f46322ffb81f072a24e64f728dba7 Issue introduced in 6.14-rc1 with commit 50420d7c79c37a3efe4010ff9b1bb14bc61ebccf and fixed in 6.14-rc3 with commit 0b43d98ff29be3144e86294486b1373b5df74c0e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-21794 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hid/hid-thrustmaster.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/436f48c864186e9413d1b7c6e91767cc9e1a65b8 https://git.kernel.org/stable/c/f3ce05283f6cb6e19c220f5382def43dc5bd56b9 https://git.kernel.org/stable/c/cdd9a1ea23ff1a272547217100663e8de4eada40 https://git.kernel.org/stable/c/73e36a699b9f46322ffb81f072a24e64f728dba7 https://git.kernel.org/stable/c/0b43d98ff29be3144e86294486b1373b5df74c0e
Powered by blists - more mailing lists