Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-21776— USB: hub: Ignore non-compliant devices with too many configs or interfaces

EPSS 0.01% · P3

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinuxd2123fd9e1a56b8006986ed37e0aaf93ef0dd978< 49f077106fa07919a6a6dda99bb490dd1d1a8218affected
d2123fd9e1a56b8006986ed37e0aaf93ef0dd978< d343fe0fad5c1d689775f2dda24a85ce98e29566affected
d2123fd9e1a56b8006986ed37e0aaf93ef0dd978< d3a67adb365cdfdac4620daf38a82e57ca45806caffected
d2123fd9e1a56b8006986ed37e0aaf93ef0dd978< c3720b04df84b5459050ae4e03ec7d545652f897affected
d2123fd9e1a56b8006986ed37e0aaf93ef0dd978< e905a0fca7bff0855d312c16f71e60e1773b393eaffected
d2123fd9e1a56b8006986ed37e0aaf93ef0dd978< 62d8f4c5454dd39aded4f343720d1c5a1803cfefaffected
d2123fd9e1a56b8006986ed37e0aaf93ef0dd978< 5b9778e1fe715700993ce436c152dc3b7df0b490affected
d2123fd9e1a56b8006986ed37e0aaf93ef0dd978< 2240fed37afbcdb5e8b627bc7ad986891100e05daffected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-21776

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
USB: hub: Ignore non-compliant devices with too many configs or interfaces
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110 ... Call Trace: <TASK> ? die_addr+0x31/0x80 ? exc_general_protection+0x1b4/0x3c0 ? asm_exc_general_protection+0x26/0x30 ? usb_hub_adjust_deviceremovable+0x78/0x110 hub_probe+0x7c7/0xab0 usb_probe_interface+0x14b/0x350 really_probe+0xd0/0x2d0 ? __pfx___device_attach_driver+0x10/0x10 __driver_probe_device+0x6e/0x110 driver_probe_device+0x1a/0x90 __device_attach_driver+0x7e/0xc0 bus_for_each_drv+0x7f/0xd0 __device_attach+0xaa/0x1a0 bus_probe_device+0x8b/0xa0 device_add+0x62e/0x810 usb_set_configuration+0x65d/0x990 usb_generic_driver_probe+0x4b/0x70 usb_probe_device+0x36/0xd0 The cause of this error is that the device has two interfaces, and the hub driver binds to interface 1 instead of interface 0, which is where usb_hub_to_struct_hub() looks. We can prevent the problem from occurring by refusing to accept hub devices that violate the USB spec by having more than one configuration or interface.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于USB hub未正确处理非合规设备,可能导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux d2123fd9e1a56b8006986ed37e0aaf93ef0dd978 ~ 49f077106fa07919a6a6dda99bb490dd1d1a8218 -
LinuxLinux 3.9 -

II. Public POCs for CVE-2025-21776

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-21776

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-02-27 · 177 CVEs total

CVE-2025-217567.8 HIGHvsock: Keep the binding until socket destruction
CVE-2025-21770iommu: Fix potential memory leak in iopf_queue_remove_device()
CVE-2025-21761openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
CVE-2025-21763neighbour: use RCU protection in __neigh_notify()
CVE-2025-21762arp: use RCU protection in arp_xmit()
CVE-2025-21764ndisc: use RCU protection in ndisc_alloc_skb()
CVE-2025-21765ipv6: use RCU protection in ip6_default_advmss()
CVE-2025-21766ipv4: use RCU protection in __ip_rt_update_pmtu()
CVE-2025-21767clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
CVE-2025-21769ptp: vmclock: Add .owner to vmclock_miscdev_fops
CVE-2025-21768net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
CVE-2025-21771sched_ext: Fix incorrect autogroup migration detection
CVE-2025-21777ring-buffer: Validate the persistent meta data subbuf array
CVE-2025-21783gpiolib: Fix crash on error in gpiochip_get_ngpios()
CVE-2025-21781batman-adv: fix panic during interface removal
CVE-2025-21780drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
CVE-2025-21779KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
CVE-2025-21778tracing: Do not allow mmap() of persistent ring buffer
CVE-2025-21775can: ctucanfd: handle skb allocation failure
CVE-2025-21773can: etas_es58x: fix potential NULL pointer dereference on udev->serial

Showing top 20 of 177 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-21776

No comments yet

Leave a comment