5.5

CVE-2025-21689

USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

This patch addresses a null-ptr-deref in qt2_process_read_urb() due to
an incorrect bounds check in the following:

       if (newport > serial->num_ports) {
               dev_err(&port->dev,
                       "%s - port change to invalid port: %i\n",
                       __func__, newport);
               break;
       }

The condition doesn't account for the valid range of the serial->port
buffer, which is from 0 to serial->num_ports - 1. When newport is equal
to serial->num_ports, the assignment of "port" in the
following code is out-of-bounds and NULL:

       serial_priv->current_port = newport;
       port = serial->port[serial_priv->current_port];

The fix checks if newport is greater than or equal to serial->num_ports
indicating it is out-of-bounds.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.5 < 5.4.290
LinuxLinux Kernel Version >= 5.5 < 5.10.234
LinuxLinux Kernel Version >= 5.11 < 5.15.178
LinuxLinux Kernel Version >= 5.16 < 6.1.128
LinuxLinux Kernel Version >= 6.2 < 6.6.75
LinuxLinux Kernel Version >= 6.7 < 6.12.12
LinuxLinux Kernel Version6.13 Update-
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
LinuxLinux Kernel Version6.13 Updaterc5
LinuxLinux Kernel Version6.13 Updaterc6
LinuxLinux Kernel Version6.13 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.112
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530
Patch
https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade
Patch
https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe
Patch
https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f
Patch
https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b
Patch
https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507
Patch
https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470
Patch
https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html