mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
53 lines
3.6 KiB
JSON
53 lines
3.6 KiB
JSON
{
|
|
"id": "CVE-2025-21704",
|
|
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"published": "2025-02-22T10:15:11.263",
|
|
"lastModified": "2025-03-13T13:15:48.910",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can't\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm->nb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device's vendor/product IDs and\nits other interfaces."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: cdc-acm: Verificar el tama\u00f1o del b\u00fafer de transferencia de control antes del acceso Si el primer fragmento es m\u00e1s corto que struct usb_cdc_notification, no podemos calcular un expected_size. Registra un error y descarta la notificaci\u00f3n en lugar de leer longitudes de la memoria fuera de los datos recibidos, lo que puede provocar una corrupci\u00f3n de la memoria cuando el expected_size disminuye entre fragmentos, lo que hace que `expected_size - acm->nb_index` se ajuste. Este problema ha estado presente desde el comienzo de la historia de git; sin embargo, solo conduce a la corrupci\u00f3n de la memoria desde el commit ea2583529cd1 (\"cdc-acm: reensamblar notificaciones fragmentadas\"). Un factor atenuante es que acm_ctrl_irq() solo se puede ejecutar despu\u00e9s de que el espacio de usuario haya abierto /dev/ttyACM*; pero si ModemManager se est\u00e1 ejecutando, ModemManager lo har\u00e1 autom\u00e1ticamente dependiendo de los ID de proveedor/producto del dispositivo USB y sus otras interfaces."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/6abb510251e75f875797d8983a830e6731fa281c",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a45b9f1d9fb35646",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/871619c2b78fdfe05afb4e8ba548678687beb812",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/90dd2f1b7342b9a671a5ea4160f408037b92b118",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/a4e1ae5c0533964170197e4fb4f33bc8c1db5cd2",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/e563b01208f4d1f609bcab13333b6c0e24ce6a01",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f352ea29a617844636",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
}
|
|
]
|
|
} |