CVE-2025-21735: NFC: nci: Add bounds checking in nci_hci_create_pipe()
First published: Thu Feb 27 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| >=4.4<6.1.129 | ||
| >=6.2<6.6.78 | ||
| >=6.7<6.12.14 | ||
| >=6.13<6.13.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/110b43ef05342d5a11284cc8b21582b698b4ef1c
- https://git.kernel.org/stable/c/172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e
- https://git.kernel.org/stable/c/2ae4bade5a64d126bd18eb66bd419005c5550218
- https://git.kernel.org/stable/c/59c7ed20217c0939862fbf8145bc49d5b3a13f4f
- https://git.kernel.org/stable/c/d5a461c315e5ff92657f84d8ba50caa5abf5c22a
- https://git.kernel.org/stable/c/bd249109d266f1d52548c46634a15b71656e0d44
- https://git.kernel.org/stable/c/674e17c5933779a8bf5c15d596fdfcb5ccdebbc2
- https://git.kernel.org/stable/c/10b3f947b609713e04022101f492d288a014ddfa
Frequently Asked Questions
What is the severity of CVE-2025-21735?
CVE-2025-21735 has been assessed with high severity due to the potential for memory corruption.
How do I fix CVE-2025-21735?
To fix CVE-2025-21735, update your Linux kernel to the latest version where this vulnerability has been patched.
What systems are affected by CVE-2025-21735?
CVE-2025-21735 affects the Linux kernel across various distributions that utilize vulnerable networking components.
What are the potential impacts of CVE-2025-21735?
The impacts of CVE-2025-21735 include memory corruption, which could lead to system instability or security breaches.
Is CVE-2025-21735 actively exploited?
As of now, there are no public reports indicating that CVE-2025-21735 is actively being exploited in the wild.
- agent/first-publish-date
- agent/type
- agent/title
- agent/references
- agent/author
- agent/source
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.4
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13