0.0
NA
CVE-2025-21835
Linux USB Gadget MIDI Streaming Uninitialized Stack Memory Leak Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set incorrectly in these descriptors. This does not matter when the numbers of in and out ports are equal, but when they differ the host will receive broken descriptors with uninitialized stack memory leaking into the descriptor for whichever value is smaller. The precise meaning of "in" and "out" in the port counts is not clearly defined and can be confusing. But elsewhere the driver consistently uses this to match the USB meaning of IN and OUT viewed from the host, so that "in" ports send data to the host and "out" ports receive data from it.

INFO

Published Date :

March 7, 2025, 9:15 a.m.

Last Modified :

March 13, 2025, 1:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2025-21835 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-21835.

URL Resource
https://git.kernel.org/stable/c/3a983390d14e8498f303fc5cb23ab7d696b815db
https://git.kernel.org/stable/c/6ae6dee9f005a2f3b739b85abb6f14a0935699e0
https://git.kernel.org/stable/c/6b16761a928796e4b49e89a0b1ac284155172726
https://git.kernel.org/stable/c/9f36a89dcb78cb7e37f487b04a16396ac18c0636
https://git.kernel.org/stable/c/9f6860a9c11301b052225ca8825f8d2b1a5825bf
https://git.kernel.org/stable/c/a2d0694e1f111379c1efdf439dadd3cfd959fe9d
https://git.kernel.org/stable/c/d8e86700c8a8cf415e300a0921acd6a8f9b494f8
https://git.kernel.org/stable/c/da1668997052ed1cb00322e1f3b63702615c9429

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-21835 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2025-21835 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 13, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/3a983390d14e8498f303fc5cb23ab7d696b815db
    Added Reference https://git.kernel.org/stable/c/9f36a89dcb78cb7e37f487b04a16396ac18c0636
    Added Reference https://git.kernel.org/stable/c/d8e86700c8a8cf415e300a0921acd6a8f9b494f8
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 07, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set incorrectly in these descriptors. This does not matter when the numbers of in and out ports are equal, but when they differ the host will receive broken descriptors with uninitialized stack memory leaking into the descriptor for whichever value is smaller. The precise meaning of "in" and "out" in the port counts is not clearly defined and can be confusing. But elsewhere the driver consistently uses this to match the USB meaning of IN and OUT viewed from the host, so that "in" ports send data to the host and "out" ports receive data from it.
    Added Reference https://git.kernel.org/stable/c/6ae6dee9f005a2f3b739b85abb6f14a0935699e0
    Added Reference https://git.kernel.org/stable/c/6b16761a928796e4b49e89a0b1ac284155172726
    Added Reference https://git.kernel.org/stable/c/9f6860a9c11301b052225ca8825f8d2b1a5825bf
    Added Reference https://git.kernel.org/stable/c/a2d0694e1f111379c1efdf439dadd3cfd959fe9d
    Added Reference https://git.kernel.org/stable/c/da1668997052ed1cb00322e1f3b63702615c9429
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-21835 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-21835 weaknesses.

NONE - Vulnerability Scoring System
: