CVE-2025-21708 — Improper Handling of Structural Elements in Linux
Severity
5.5MEDIUMNVD
OSV8.8OSV7.8OSV7.1OSV5.9
EPSS
0.0%
top 90.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 27
Latest updateSep 3
Description
In the Linux kernel, the following vulnerability has been resolved:
net: usb: rtl8150: enable basic endpoint checking
Syzkaller reports [1] encountering a common issue of utilizing a wrong
usb endpoint type during URB submitting stage. This, in turn, triggers
a warning shown below.
For now, enable simple endpoint checking (specifically, bulk and
interrupt eps, testing control one is not essential) to mitigate
the issue with a view to do other related cosmetic changes later,
if they are necess…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 — 431be4f78220d34ce21d67a6b843b7ca81bd82e9+8
Patches
🔴Vulnerability Details
44OSV▶
linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities↗2025-07-22