Cyber Resilience

CVE-2025-21735

High · Updated

Published: 27 February 2025

Modified: 12 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-21735 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21735 is a vulnerability in the Linux kernel's NFC NCI (Near Field Communication Controller Interface) subsystem, specifically in the nci_hci_create_pipe() function. The issue stems from a lack of bounds checking on a u8 "pipe" variable sourced from the network; values exceeding 127 trigger memory corruption in the caller function, nci_hci_connect_gate(). This out-of-bounds write (CWE-787) affects Linux kernel versions prior to the application of the relevant stable patches and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by supplying a crafted "pipe" value over an NFC connection, leading to memory corruption. Successful exploitation could allow arbitrary code execution, data tampering, or system crashes, with high impacts on confidentiality, integrity, and availability due to the unbounded write.

Mitigation involves applying kernel patches that add bounds checking to nci_hci_create_pipe(), as detailed in the following stable branch commits: 10b3f947b609713e04022101f492d288a014ddfa, 110b43ef05342d5a11284cc8b21582b698b4ef1c, 172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e, 2ae4bade5a64d126bd18eb66bd419005c5550218, and 59c7ed20217c0939862fbf8145bc49d5b3a13f4f. Security practitioners should update affected Linux kernels promptly, particularly those with NFC functionality enabled.
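The bounds check described above, as a userspace model added here for illustration (not the kernel's code or the upstream patch). The names `create_pipe`, `connect_gate`, `MAX_PIPES` and `INVALID_PIPE`, the 5-byte response layout and the 128-entry table are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PIPES     128   /* assumption: table holds indexes 0..127 */
#define INVALID_PIPE  0xff  /* hypothetical sentinel, not a kernel constant */
#define RESP_LEN      5     /* constructed response layout for this example */
#define RESP_PIPE_OFF 4     /* pipe id is the last byte of that layout */

struct pipe_entry { uint8_t gate, host; };
struct hci_state { struct pipe_entry pipes[MAX_PIPES]; };

/* Parse the untrusted response; reject short frames and pipe ids >= MAX_PIPES. */
static uint8_t create_pipe(const uint8_t *buf, size_t len, int *result)
{
    if (len < RESP_LEN) { *result = -EPROTO; return INVALID_PIPE; }
    /* The check the fix adds: a u8 holds 0..255, the table only 0..127. */
    if (buf[RESP_PIPE_OFF] >= MAX_PIPES) { *result = -EINVAL; return INVALID_PIPE; }
    *result = 0;
    return buf[RESP_PIPE_OFF];
}

/* Caller: indexes the table only after create_pipe() reported success. */
static int connect_gate(struct hci_state *st, const uint8_t *buf, size_t len,
                        uint8_t dest_host, uint8_t dest_gate)
{
    int result;
    uint8_t pipe = create_pipe(buf, len, &result);

    if (result < 0)
        return result;  /* without this, pipes[pipe] could be written past the end */
    st->pipes[pipe].gate = dest_gate;
    st->pipes[pipe].host = dest_host;
    return pipe;
}

int main(void)
{
    struct hci_state st = {0};
    const uint8_t ok[]  = {0x01, 0x02, 0x00, 0x41, 0x7f};  /* constructed: pipe 127 */
    const uint8_t bad[] = {0x01, 0x02, 0x00, 0x41, 0x80};  /* constructed: pipe 128 */

    printf("pipe 127 -> %d\n", connect_gate(&st, ok, sizeof(ok), 0x00, 0x41));
    printf("pipe 128 -> %d\n", connect_gate(&st, bad, sizeof(bad), 0x00, 0x41));
    return 0;
}
```

The validation sits in the function that parses the untrusted byte, so the caller never sees an index it cannot safely use.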

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate().

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption (an out-of-bounds write) in the NFC NCI subsystem allows a low-privileged attacker to achieve arbitrary code execution via crafted NFC input, directly enabling privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137 · Same product: Linux Linux Kernel
CVE-2026-31772 · Same product: Linux Linux Kernel
CVE-2026-23378 · Same product: Linux Linux Kernel
CVE-2026-31494 · Same product: Linux Linux Kernel
CVE-2025-21650 · Same product: Linux Linux Kernel
CVE-2024-52319 · Same product: Linux Linux Kernel
CVE-2024-58003 · Same product: Linux Linux Kernel
CVE-2026-23343 · Same product: Linux Linux Kernel
CVE-2026-23092 · Same product: Linux Linux Kernel
CVE-2026-43500 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.4 — 6.1.129 · 6.2 — 6.6.78 · 6.7 — 6.12.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring timely patching of the Linux kernel to add bounds checking in nci_hci_create_pipe(), preventing exploitation of the out-of-bounds write.

prevent

Enforces validation of information inputs from NFC, directly addressing the lack of bounds checking on the network-sourced u8 'pipe' variable that leads to memory corruption.

prevent

Implements memory safeguards such as non-executable memory and address randomization to protect against exploitation of the memory corruption caused by the out-of-bounds write.

References