In the Linux kernel, the following vulnerability has been resolved:
USB: serial: quatech2: fix null-ptr-deref in qt2processread_urb()
This patch addresses a null-ptr-deref in qt2processread_urb() due to an incorrect bounds check in the following:
if (newport > serial->num_ports) {
dev_err(&port->dev,
"%s - port change to invalid port: %i\n",
__func__, newport);
break;
}
The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->numports - 1. When newport is equal to serial->numports, the assignment of "port" in the following code is out-of-bounds and NULL:
serial_priv->current_port = newport;
port = serial->port[serial_priv->current_port];
The fix checks if newport is greater than or equal to serial->num_ports indicating it is out-of-bounds.
[
{
"id": "CVE-2025-21689-06210311",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6377838560c03b36e1153a42ef727533def9b68f",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "327762070352451122607684103706674024376"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-1fe342e6",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa4c7472469d97c4707698b4c0e098f8cfc2bf22",
"signature_version": "v1",
"digest": {
"length": 1856.0,
"function_hash": "89405789916903722016664344996016311212"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-5118fa22",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94770cf7c5124f0268d481886829dc2beecc4507",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "327762070352451122607684103706674024376"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-60be0093",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f371471708c7d997f763b0e70565026eb67cc470",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-85877204",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94770cf7c5124f0268d481886829dc2beecc4507",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-a2af0644",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4b9b41fabcd38990f69ef0cee9c631d954a2b530",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-a4d1a60a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-aeb22329",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4b9b41fabcd38990f69ef0cee9c631d954a2b530",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "327762070352451122607684103706674024376"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-b3e7f035",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8542b33622571f54dfc2a267fce378b6e3840b8b",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-b6f8396c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@575a5adf48b06a2980c9eeffedf699ed5534fade",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "327762070352451122607684103706674024376"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-bdc80261",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "327762070352451122607684103706674024376"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-c2b58952",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@575a5adf48b06a2980c9eeffedf699ed5534fade",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-c3547c8b",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6377838560c03b36e1153a42ef727533def9b68f",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-d94a2926",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa4c7472469d97c4707698b4c0e098f8cfc2bf22",
"signature_version": "v1",
"digest": {
"line_hashes": [
"49696660082081230952817322424924807509",
"4164192275429418487585552721246415247",
"61547628263596353651945132083687593271",
"146082851117505680118789288979036514510"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-eb249754",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f371471708c7d997f763b0e70565026eb67cc470",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "327762070352451122607684103706674024376"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
},
{
"id": "CVE-2025-21689-f56111a0",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8542b33622571f54dfc2a267fce378b6e3840b8b",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "327762070352451122607684103706674024376"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "qt2_process_read_urb",
"file": "drivers/usb/serial/quatech2.c"
}
}
]