SB2025022782 - Out-of-bounds read in Linux kernel hid driver
Published: February 27, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025022782
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-21794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0b43d98ff29be3144e86294486b1373b5df74c0e
- https://git.kernel.org/stable/c/436f48c864186e9413d1b7c6e91767cc9e1a65b8
- https://git.kernel.org/stable/c/73e36a699b9f46322ffb81f072a24e64f728dba7
- https://git.kernel.org/stable/c/cdd9a1ea23ff1a272547217100663e8de4eada40
- https://git.kernel.org/stable/c/f3ce05283f6cb6e19c220f5382def43dc5bd56b9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.79