Cyber Resilience

CVE-2025-21741

High

Published: 27 February 2025

Published
27 February 2025
Modified
01 October 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0001 1.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21741 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-41 (Port and I/O Device Access).

Deeper analysis

CVE-2025-21741 is an out-of-bounds read vulnerability in the ipheth driver within the usbnet subsystem of the Linux kernel. The issue arises from processing an excessive number of DPEs (Device Private Endpoints) beyond the fixed-size NDP16 header, leading to an out-of-bounds memory read classified under CWE-125. It affects Linux kernel versions prior to the application of the relevant stable patches and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

A local attacker with low privileges can exploit this vulnerability by interacting with an affected ipheth USB device, such as through crafted USB traffic emulating an iPhone Ethernet adapter. Successful exploitation enables high-impact confidentiality violations, potentially leaking sensitive kernel memory, and high-impact availability disruptions, such as kernel crashes or denial of service.

Mitigation involves updating to Linux kernel versions incorporating the upstream fixes, as detailed in the stable commit references: https://git.kernel.org/stable/c/22475242ddb70e35c9148234be9a3aa9fb8efff9, https://git.kernel.org/stable/c/5835bf66c50ac2b85ed28b282c2456c3516ef0a6, https://git.kernel.org/stable/c/971b8c572559e52d32a2b82f2d9e0685439a0117, and https://git.kernel.org/stable/c/ee591f2b281721171896117f9946fced31441418. These patches limit the number of processed DPEs to the NDP16 header capacity, preventing the out-of-bounds access.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The out-of-bounds read in the kernel driver enables a local attacker to leak sensitive kernel memory (facilitating T1005 Data from Local System) and trigger crashes/DoS (enabling T1499.004 Application or System Exploitation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31513Same product: Linux Linux Kernel
CVE-2025-21789Same product: Linux Linux Kernel
CVE-2024-52332Same product: Linux Linux Kernel
CVE-2025-21742Same product: Linux Linux Kernel
CVE-2025-71231Same product: Linux Linux Kernel
CVE-2024-58015Same product: Linux Linux Kernel
CVE-2026-23187Same product: Linux Linux Kernel
CVE-2025-71093Same product: Linux Linux Kernel
CVE-2026-23315Same product: Linux Linux Kernel
CVE-2024-58007Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.5 — 6.6.78 · 6.7 — 6.12.14 · 6.13 — 6.13.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely identification, reporting, and correction of flaws like the OOB read in the ipheth USB driver via kernel patching.

prevent

Implements memory boundary protections that mitigate the impact of out-of-bounds reads by isolating kernel memory from unauthorized access.

prevent

Restricts access to USB I/O ports and devices, limiting local low-privilege attackers' ability to connect crafted ipheth-emulating USB hardware.

References