cve/2025/CVE-2025-21794.md

### [CVE-2025-21794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21794)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=220883fba32549a34f0734e4859d07f4dcd56992%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=50420d7c79c37a3efe4010ff9b1bb14bc61ebccf%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.12.13%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.13.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.6.76%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=816e84602900f7f951458d743fa12769635ebfd5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=ae730deded66150204c494282969bfa98dc3ae67%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=e5bcae4212a6a4b4204f46a1b8bcba08909d2007%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array fromhid-thrustmaster driver. This array is passed to usb_check_int_endpointsfunction from usb.c core driver, which executes a for loop that iteratesover the elements of the passed array. Not finding a null element at the end ofthe array, it tries to read the next, non-existent element, crashing the kernel.To fix this, a 0 element was added at the end of the array to break the forloop.[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/runwhen-contrib/helm-charts
- https://github.com/w4zu/Debian_security