CVE-2025-21743
Published: 27 February 2025
Summary
CVE-2025-21743 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). It ranks at the 1.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the specific overflow flaw in the Linux kernel's ipheth driver by requiring timely identification, reporting, and patching of the vulnerability.
Mandates validation of USB datagram lengths and indices to prevent arithmetic overflows that could lead to out-of-bounds reads in kernel drivers.
Provides kernel memory safeguards such as address space randomization and execution prevention to mitigate impacts of out-of-bounds reads like memory disclosure or crashes.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds read enables kernel memory disclosure that can be exploited for credential access; potential kernel crash directly enables DoS via system exploitation.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move the wDatagramIndex term to the other side of the inequality. An existing condition ensures that wDatagramIndex < urb->actual_length.
Deeper analysis
CVE-2025-21743 is a vulnerability in the Linux kernel's usbnet ipheth driver, where the DPE length check could overflow if wDatagramIndex + wDatagramLength exceeded U16_MAX, potentially leading to an out-of-bounds read. An existing condition ensures wDatagramIndex is less than urb->actual_length, but the original check did not properly prevent the overflow. The issue is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 7.1.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could result in high-impact confidentiality loss through kernel memory disclosure via the out-of-bounds read, as well as high-impact availability disruption, such as denial of service from a kernel crash, while integrity impact remains none.
Mitigation involves applying the kernel patches provided in the referenced stable commits, including 18bf6f5cce3172cb303c3f0551aa9443d5ed74f8, c219427ed296f94bb4b91d08626776dc7719ee27, d677e7dd59ad6837496f5a02d8e5d39824278dfd, and d824a964185910e317287f034c0a439c08b4fe49, which fix the check by moving the wDatagramIndex term to the other side of the inequality. Security practitioners should update affected Linux kernel versions accordingly.
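The two forms of the length check described above, as an added example that is not the kernel's ipheth source. It assumes the sum is held in 16 bits (as the U16_MAX wording implies); the function names, the `actual_length` parameter standing in for urb->actual_length, and the sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the DPE bounds check, not the kernel source. */

/* Pre-fix form: the sum is assumed to be held in 16 bits, so it wraps
 * once idx + len exceeds U16_MAX (65535) and can pass the comparison. */
static bool dpe_ok_before(uint16_t idx, uint16_t len, uint32_t actual_length)
{
    uint16_t end = (uint16_t)(idx + len);   /* wraps modulo 65536 */
    return idx < actual_length && end <= actual_length;
}

/* Fixed form: the index term moves to the other side. Because
 * idx < actual_length is tested first, the subtraction cannot underflow
 * and no addition is performed at all. */
static bool dpe_ok_after(uint16_t idx, uint16_t len, uint32_t actual_length)
{
    return idx < actual_length && len <= actual_length - idx;
}

int main(void)
{
    /* Constructed sample values, not taken from a real device. */
    const uint32_t actual_length = 1500;
    const struct { uint16_t idx, len; } dpe[] = {
        { 100, 1000 },    /* fits inside the buffer */
        { 100, 1401 },    /* one byte past the end, no wrap */
        { 100, 65500 },   /* 100 + 65500 = 65600, wraps to 64 */
        { 1500, 0 },      /* index not below actual_length */
    };

    for (size_t i = 0; i < sizeof(dpe) / sizeof(dpe[0]); i++)
        printf("idx=%5u len=%5u  before=%-6s after=%s\n",
               (unsigned)dpe[i].idx, (unsigned)dpe[i].len,
               dpe_ok_before(dpe[i].idx, dpe[i].len, actual_length) ? "accept" : "reject",
               dpe_ok_after(dpe[i].idx, dpe[i].len, actual_length) ? "accept" : "reject");
    return 0;
}
```

Only the third row differs between the two checks: the wrapped sum passes the pre-fix comparison, while the subtraction form rejects it.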
Details
- CWE(s)