CVE-2025-21708

MEDIUM EPSS 8.3%
Published Feb 27, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports [1] encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. This, in turn, triggers a warning shown below. For now, enable simple endpoint checking (specifically, bulk and interrupt eps, testing control one is not essential) to mitigate the issue with a view to do other related cosmetic changes later, if they are necessary. [1] Syzkaller report: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv> Modules linked in: CPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503 Code: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8> RSP: 0018:ffffc9000441f740 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9 RDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001 RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 R13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c FS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733 __dev_open+0x2d4/0x4e0 net/core/dev.c:1474 __dev_change_flags+0x561/0x720 net/core/dev.c:8838 dev_change_flags+0x8f/0x160 net/core/dev.c:8910 devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177 inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003 sock_do_ioctl+0x116/0x280 net/socket.c:1222 sock_ioctl+0x22e/0x6c0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc04ef73d49 ... This change has not been tested on real hardware.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥2.6.13  –  <5.4.291
linuxlinux_kernel*≥5.5  –  <5.10.235
linuxlinux_kernel*≥5.11  –  <5.15.179
linuxlinux_kernel*≥5.16  –  <6.1.129
linuxlinux_kernel*≥6.2  –  <6.6.76
linuxlinux_kernel*≥6.7  –  <6.12.13
linuxlinux_kernel*≥6.13  –  <6.13.2
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/3c706829ceb6e347bd4ddfd17f1d3048acd69da2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/431be4f78220d34ce21d67a6b843b7ca81bd82e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f78a2b9ed4cb1e62c60d0a8905d9a37bc18c20d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90b7f2961798793275b4844348619b622f983907
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c843515ad2be7349dd6b60e5fd299d0da0b8458b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d42168f109f96b5d18812a789086015a435ee667
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e10b392a7495a5dbbb25247e2c17d380d9899263
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f395b7efcee8df54309eb2d4a624ef13f5d88b66
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3c706829ceb6e347bd4ddfd17f1d3048acd69da2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/431be4f78220d34ce21d67a6b843b7ca81bd82e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f78a2b9ed4cb1e62c60d0a8905d9a37bc18c20d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90b7f2961798793275b4844348619b622f983907
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c843515ad2be7349dd6b60e5fd299d0da0b8458b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d42168f109f96b5d18812a789086015a435ee667
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e10b392a7495a5dbbb25247e2c17d380d9899263
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f395b7efcee8df54309eb2d4a624ef13f5d88b66
    Patch