{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-21794", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.767Z", "datePublished": "2025-02-27T02:18:30.907Z", "dateUpdated": "2026-05-11T21:06:37.602Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:06:37.602Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-thrustmaster.c"], "versions": [{"version": "220883fba32549a34f0734e4859d07f4dcd56992", "lessThan": "436f48c864186e9413d1b7c6e91767cc9e1a65b8", "status": "affected", "versionType": "git"}, {"version": "ae730deded66150204c494282969bfa98dc3ae67", "lessThan": "f3ce05283f6cb6e19c220f5382def43dc5bd56b9", "status": "affected", "versionType": "git"}, {"version": "e5bcae4212a6a4b4204f46a1b8bcba08909d2007", "lessThan": "cdd9a1ea23ff1a272547217100663e8de4eada40", "status": "affected", "versionType": "git"}, {"version": "816e84602900f7f951458d743fa12769635ebfd5", "lessThan": "73e36a699b9f46322ffb81f072a24e64f728dba7", "status": "affected", "versionType": "git"}, {"version": "50420d7c79c37a3efe4010ff9b1bb14bc61ebccf", "lessThan": "0b43d98ff29be3144e86294486b1373b5df74c0e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-thrustmaster.c"], "versions": [{"version": "6.6.76", "lessThan": "6.6.79", "status": "affected", "versionType": "semver"}, {"version": "6.12.13", "lessThan": "6.12.16", "status": "affected", "versionType": "semver"}, {"version": "6.13.2", "lessThan": "6.13.4", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.76", "versionEndExcluding": "6.6.79"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.13", "versionEndExcluding": "6.12.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13.2", "versionEndExcluding": "6.13.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/436f48c864186e9413d1b7c6e91767cc9e1a65b8"}, {"url": "https://git.kernel.org/stable/c/f3ce05283f6cb6e19c220f5382def43dc5bd56b9"}, {"url": "https://git.kernel.org/stable/c/cdd9a1ea23ff1a272547217100663e8de4eada40"}, {"url": "https://git.kernel.org/stable/c/73e36a699b9f46322ffb81f072a24e64f728dba7"}, {"url": "https://git.kernel.org/stable/c/0b43d98ff29be3144e86294486b1373b5df74c0e"}], "title": "HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-21794", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:28:58.615776Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T19:36:39.154Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:59:37.420Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:59:37.420Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-21794", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:28:58.615776Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T16:56:31.987Z"}}], "cna": {"title": "HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "220883fba32549a34f0734e4859d07f4dcd56992", "lessThan": "436f48c864186e9413d1b7c6e91767cc9e1a65b8", "versionType": "git"}, {"status": "affected", "version": "ae730deded66150204c494282969bfa98dc3ae67", "lessThan": "f3ce05283f6cb6e19c220f5382def43dc5bd56b9", "versionType": "git"}, {"status": "affected", "version": "e5bcae4212a6a4b4204f46a1b8bcba08909d2007", "lessThan": "cdd9a1ea23ff1a272547217100663e8de4eada40", "versionType": "git"}, {"status": "affected", "version": "816e84602900f7f951458d743fa12769635ebfd5", "lessThan": "73e36a699b9f46322ffb81f072a24e64f728dba7", "versionType": "git"}, {"status": "affected", "version": "50420d7c79c37a3efe4010ff9b1bb14bc61ebccf", "lessThan": "0b43d98ff29be3144e86294486b1373b5df74c0e", "versionType": "git"}], "programFiles": ["drivers/hid/hid-thrustmaster.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6.76", "lessThan": "6.6.79", "versionType": "semver"}, {"status": "affected", "version": "6.12.13", "lessThan": "6.12.16", "versionType": "semver"}, {"status": "affected", "version": "6.13.2", "lessThan": "6.13.4", "versionType": "semver"}], "programFiles": ["drivers/hid/hid-thrustmaster.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/436f48c864186e9413d1b7c6e91767cc9e1a65b8"}, {"url": "https://git.kernel.org/stable/c/f3ce05283f6cb6e19c220f5382def43dc5bd56b9"}, {"url": "https://git.kernel.org/stable/c/cdd9a1ea23ff1a272547217100663e8de4eada40"}, {"url": "https://git.kernel.org/stable/c/73e36a699b9f46322ffb81f072a24e64f728dba7"}, {"url": "https://git.kernel.org/stable/c/0b43d98ff29be3144e86294486b1373b5df74c0e"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.79", "versionStartIncluding": "6.6.76"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12.16", "versionStartIncluding": "6.12.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13.2"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:06:37.602Z"}}}, "cveMetadata": {"cveId": "CVE-2025-21794", "state": "PUBLISHED", "dateUpdated": "2026-05-11T21:06:37.602Z", "dateReserved": "2024-12-29T08:45:45.767Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-02-27T02:18:30.907Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D48B56A5-E076-490E-B5A6-F3AB84C22E89", "versionEndExcluding": "6.6.79", "versionStartIncluding": "6.6.76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "88327018-7D74-4C95-9672-29D99D630F66", "versionEndExcluding": "6.12.16", "versionStartIncluding": "6.12.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "25A9DD1C-2E5A-4631-9F6A-B06B38D2D88B", "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: hid-thrustmaster: correcci\u00f3n de lectura fuera de los l\u00edmites de pila en usb_check_int_endpoints() Syzbot[1] ha detectado una lectura fuera de los l\u00edmites de pila de la matriz ep_addr del controlador hid-thrustmaster. Esta matriz se pasa a la funci\u00f3n usb_check_int_endpoints del controlador del n\u00facleo usb.c, que ejecuta un bucle for que itera sobre los elementos de la matriz pasada. Al no encontrar un elemento nulo al final de la matriz, intenta leer el siguiente elemento inexistente, lo que hace que el kernel se bloquee. Para corregir esto, se agreg\u00f3 un elemento 0 al final de la matriz para romper el bucle for. [1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad"}], "id": "CVE-2025-21794", "lastModified": "2025-11-03T21:19:10.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-27T03:15:20.293", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0b43d98ff29be3144e86294486b1373b5df74c0e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/436f48c864186e9413d1b7c6e91767cc9e1a65b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73e36a699b9f46322ffb81f072a24e64f728dba7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cdd9a1ea23ff1a272547217100663e8de4eada40"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f3ce05283f6cb6e19c220f5382def43dc5bd56b9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()", "id": "2348598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348598"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad"], "name": "CVE-2025-21794", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21794\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21794\nhttps://lore.kernel.org/linux-cve-announce/2025022610-CVE-2025-21794-ddde@gregkh/T"], "threat_severity": "Moderate"}

{}