Vulnerability Database

296,223

Total vulnerabilities in the database

CVE-2025-21743

In the Linux kernel, the following vulnerability has been resolved:

usbnet: ipheth: fix possible overflow in DPE length check

Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read.

Move the wDatagramIndex term to the other side of the inequality.

An existing condition ensures that wDatagramIndex < urb->actual_length.

  • Published: Feb 27, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2025-21743
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.1
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 6.13 6.13.3
linux / linux_kernel 6.7 6.12.14
linux / linux_kernel 6.5 6.6.78