SB2025032758 - Resource management error in Linux kernel net usb driver
Published: March 27, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025032758
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2025-21877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the genelink_bind() function in drivers/net/usb/gl620a.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1cf9631d836b289bd5490776551961c883ae8a4f
- https://git.kernel.org/stable/c/24dd971104057c8828d420a48e0a5af6e6f30d3e
- https://git.kernel.org/stable/c/4e8b8d43373bf837be159366f0192502f97ec7a5
- https://git.kernel.org/stable/c/5f2dbabbce04b1ffcd6d8d07564adb94db577536
- https://git.kernel.org/stable/c/67ebc3391c8377738e97a43374054d9718fdb6e4
- https://git.kernel.org/stable/c/9bcb8cbc3e5d67eb223bfb7e2291a270dbb699dc
- https://git.kernel.org/stable/c/a2ee5e55b50a97d13617c8653482c0ad4decff8c
- https://git.kernel.org/stable/c/ded25730c96949cb8b048b29c557e38569124943
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.6