CVE-2025-21735

HIGH EPSS 13.1%
Published Feb 27, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate().

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
13.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥4.4  –  <6.1.129
linuxlinux_kernel*≥6.2  –  <6.6.78
linuxlinux_kernel*≥6.7  –  <6.12.14
linuxlinux_kernel*≥6.13  –  <6.13.3

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/10b3f947b609713e04022101f492d288a014ddfa
  • git.kernel.org https://git.kernel.org/stable/c/110b43ef05342d5a11284cc8b21582b698b4ef1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2ae4bade5a64d126bd18eb66bd419005c5550218
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59c7ed20217c0939862fbf8145bc49d5b3a13f4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/674e17c5933779a8bf5c15d596fdfcb5ccdebbc2
  • git.kernel.org https://git.kernel.org/stable/c/bd249109d266f1d52548c46634a15b71656e0d44
  • git.kernel.org https://git.kernel.org/stable/c/d5a461c315e5ff92657f84d8ba50caa5abf5c22a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/110b43ef05342d5a11284cc8b21582b698b4ef1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2ae4bade5a64d126bd18eb66bd419005c5550218
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59c7ed20217c0939862fbf8145bc49d5b3a13f4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d5a461c315e5ff92657f84d8ba50caa5abf5c22a
    Patch