CVE-2025-21741

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21741
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21741.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-21741
Downstream
Related
Published
2025-02-27T02:12:15.715Z
Modified
2025-11-20T08:43:17.078755Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
usbnet: ipheth: fix DPE OoB read
Details

In the Linux kernel, the following vulnerability has been resolved:

usbnet: ipheth: fix DPE OoB read

Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a2d274c62e44b1995c170595db3865c6fe701226
Fixed
22475242ddb70e35c9148234be9a3aa9fb8efff9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a2d274c62e44b1995c170595db3865c6fe701226
Fixed
5835bf66c50ac2b85ed28b282c2456c3516ef0a6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a2d274c62e44b1995c170595db3865c6fe701226
Fixed
971b8c572559e52d32a2b82f2d9e0685439a0117
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a2d274c62e44b1995c170595db3865c6fe701226
Fixed
ee591f2b281721171896117f9946fced31441418

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.2
v6.4
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 1110.0,
            "function_hash": "132321243147065084228871997735512461192"
        },
        "target": {
            "file": "drivers/net/usb/ipheth.c",
            "function": "ipheth_rcvbulk_callback_ncm"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@22475242ddb70e35c9148234be9a3aa9fb8efff9",
        "signature_version": "v1",
        "id": "CVE-2025-21741-0eeea936"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "177768473293333482390381471868991352513",
                "24141874070798327183502856541775202591",
                "121132069059865225948641396734741814980",
                "52836273125735988339174869793394103770",
                "177758865994830695406230947214077011752",
                "179555412577034431107178152203335656444",
                "187720900790459343329825695653719779838",
                "98304306416041442654474062058863882180"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/net/usb/ipheth.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@971b8c572559e52d32a2b82f2d9e0685439a0117",
        "signature_version": "v1",
        "id": "CVE-2025-21741-5682b636"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "177768473293333482390381471868991352513",
                "24141874070798327183502856541775202591",
                "121132069059865225948641396734741814980",
                "52836273125735988339174869793394103770",
                "177758865994830695406230947214077011752",
                "179555412577034431107178152203335656444",
                "187720900790459343329825695653719779838",
                "98304306416041442654474062058863882180"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/net/usb/ipheth.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@22475242ddb70e35c9148234be9a3aa9fb8efff9",
        "signature_version": "v1",
        "id": "CVE-2025-21741-9bc21b60"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 1110.0,
            "function_hash": "132321243147065084228871997735512461192"
        },
        "target": {
            "file": "drivers/net/usb/ipheth.c",
            "function": "ipheth_rcvbulk_callback_ncm"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@971b8c572559e52d32a2b82f2d9e0685439a0117",
        "signature_version": "v1",
        "id": "CVE-2025-21741-9ebb68e7"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.78
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.14
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.3