CVE-2025-21741
Published: 27 February 2025
Summary
CVE-2025-21741 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 1.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-41 (Port and I/O Device Access).
Deeper analysis
CVE-2025-21741 is an out-of-bounds read vulnerability in the ipheth driver within the usbnet subsystem of the Linux kernel. The issue arises from processing an excessive number of DPEs (Device Private Endpoints) beyond the fixed-size NDP16 header, leading to an out-of-bounds memory read classified under CWE-125. It affects Linux kernel versions prior to the application of the relevant stable patches and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability by interacting with an affected ipheth USB device, such as through crafted USB traffic emulating an iPhone Ethernet adapter. Successful exploitation enables high-impact confidentiality violations, potentially leaking sensitive kernel memory, and high-impact availability disruptions, such as kernel crashes or denial of service.
Mitigation involves updating to Linux kernel versions incorporating the upstream fixes, as detailed in the stable commit references:
- https://git.kernel.org/stable/c/22475242ddb70e35c9148234be9a3aa9fb8efff9
- https://git.kernel.org/stable/c/5835bf66c50ac2b85ed28b282c2456c3516ef0a6
- https://git.kernel.org/stable/c/971b8c572559e52d32a2b82f2d9e0685439a0117
- https://git.kernel.org/stable/c/ee591f2b281721171896117f9946fced31441418
These patches limit the number of processed DPEs to the NDP16 header capacity, preventing the out-of-bounds access.
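The bounding described above, as an added user-space sketch that is not the kernel driver's code: the DPE walk is capped at the number of entries that fit in a fixed-size NDP16 block, and every datagram index and length is checked against the received buffer. The function names, the `ndp_size` parameter and the sample buffer are assumptions for illustration; the field layout follows the CDC NCM NDP16 format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NDP16_HDR_LEN 8u /* dwSignature(4) + wLength(2) + wNextNdpIndex(2) */
#define DPE16_LEN     4u /* wDatagramIndex(2) + wDatagramLength(2) */

static size_t le16(const uint8_t *p) { return (size_t)p[0] | ((size_t)p[1] << 8); }

static void put_dpe(uint8_t *p, unsigned idx, unsigned len)
{
    p[0] = (uint8_t)(idx & 0xff); p[1] = (uint8_t)(idx >> 8);
    p[2] = (uint8_t)(len & 0xff); p[3] = (uint8_t)(len >> 8);
}

/* Returns the number of datagrams described by the NDP16 block, or -1 if the
 * block or any entry points outside buf. ndp_size is the fixed block size
 * (hypothetical parameter), so at most (ndp_size - 8) / 4 DPEs are read. */
int ndp16_count_datagrams(const uint8_t *buf, size_t buf_len,
                          size_t ndp_off, size_t ndp_size)
{
    if (ndp_size < NDP16_HDR_LEN || ndp_off > buf_len || ndp_size > buf_len - ndp_off)
        return -1;
    if (memcmp(buf + ndp_off, "NCM0", 4) != 0)
        return -1;
    size_t max_dpe = (ndp_size - NDP16_HDR_LEN) / DPE16_LEN; /* the cap */
    const uint8_t *dpe = buf + ndp_off + NDP16_HDR_LEN;
    int n = 0;
    for (size_t i = 0; i < max_dpe; i++, dpe += DPE16_LEN) {
        size_t idx = le16(dpe), len = le16(dpe + 2);
        if (idx == 0 && len == 0)
            return n;                       /* terminating entry */
        if (idx > buf_len || len > buf_len - idx)
            return -1;                      /* datagram outside the buffer */
        n++;
    }
    return n; /* cap reached without a terminator: stop instead of reading on */
}

/* Constructed sample: a 16-byte NDP16 (two DPE slots) followed by bytes that
 * also look like DPEs, so a walk that only stops at a terminator would overrun. */
int demo(int terminated)
{
    uint8_t buf[64] = {0};
    memcpy(buf, "NCM0", 4);
    for (size_t off = NDP16_HDR_LEN; off < sizeof(buf); off += DPE16_LEN)
        put_dpe(buf + off, 32, 4);
    if (terminated)
        put_dpe(buf + NDP16_HDR_LEN + DPE16_LEN, 0, 0);
    return ndp16_count_datagrams(buf, sizeof(buf), 0, 16);
}

int main(void) { printf("%d %d\n", demo(0), demo(1)); return 0; }
```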
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5181
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
usbnet: ipheth: fix DPE OoB read
Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The out-of-bounds read in the kernel driver enables a local attacker to leak sensitive kernel memory (facilitating T1005 Data from Local System) and trigger crashes/DoS (enabling T1499.004 Application or System Exploitation).
Mitigating Controls (NIST 800-53 r5) (AI)
Directly mandates timely identification, reporting, and correction of flaws like the OOB read in the ipheth USB driver via kernel patching.
Implements memory boundary protections that mitigate the impact of out-of-bounds reads by isolating kernel memory from unauthorized access.
Restricts access to USB I/O ports and devices, limiting local low-privilege attackers' ability to connect crafted ipheth-emulating USB hardware.