{"uuid": "8c547a35-646d-4013-844c-2f1fd32f36bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21689", "type": "seen", "source": "https://t.me/cvedetector/17568", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21689 - Linux Kernel USB Quatech2 Null Pointer Dereference\", \n  \"Content\": \"CVE ID : CVE-2025-21689 \nPublished : Feb. 10, 2025, 4:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()  \n  \nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to  \nan incorrect bounds check in the following:  \n  \n       if (newport > serial->num_ports) {  \n               dev_err(&port->dev,  \n                       \"%s - port change to invalid port: %i\\n\",  \n                       __func__, newport);  \n               break;  \n       }  \n  \nThe condition doesn't account for the valid range of the serial->port  \nbuffer, which is from 0 to serial->num_ports - 1. When newport is equal  \nto serial->num_ports, the assignment of \"port\" in the  \nfollowing code is out-of-bounds and NULL:  \n  \n       serial_priv->current_port = newport;  \n       port = serial->port[serial_priv->current_port];  \n  \nThe fix checks if newport is greater than or equal to serial->num_ports  \nindicating it is out-of-bounds. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-10T18:45:41.000000Z"}