CVE-2025-21794
Published: Feb 27, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from hid-thrustmaster driver. This array is passed to usb_check_int_endpoints function from usb.c core driver, which executes a for loop that iterates over the elements of the passed array. Not finding a null element at the end of the array, it tries to read the next, non-existent element, crashing the kernel. To fix this, a 0 element was added at the end of the array to break the for loop. [1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 220883fba32549a34f0734e4859d07f4dcd56992 - < 436f48c864186e9413d1b7c6e91767cc9e1a65b8affected ae730deded66150204c494282969bfa98dc3ae67 - < f3ce05283f6cb6e19c220f5382def43dc5bd56b9affected e5bcae4212a6a4b4204f46a1b8bcba08909d2007 - < cdd9a1ea23ff1a272547217100663e8de4eada40affected 816e84602900f7f951458d743fa12769635ebfd5 - < 73e36a699b9f46322ffb81f072a24e64f728dba7affected 50420d7c79c37a3efe4010ff9b1bb14bc61ebccf - < 0b43d98ff29be3144e86294486b1373b5df74c0e |
Linux | Linux | affected 6.6.76 - < 6.6.79affected 6.12.13 - < 6.12.16affected 6.13.2 - < 6.13.4 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now