CVE-2025-21735Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write102 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV5.9OSV5.5
EPSS
0.0%
top 98.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedFeb 27
Latest updateApr 15

Description

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel4.46.1.129+3
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.4.0-216.236+4
CVEListV5linux/linuxa1b0b9415817c14d207921582f269d03f848b69fbd249109d266f1d52548c46634a15b71656e0d44+8

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

49
OSV
linux-gcp, linux-gcp-4.15, linux-gcp-fips vulnerabilities2026-04-06
OSV
linux-fips, linux-aws-fips vulnerabilities2026-04-02
OSV
linux-fips vulnerabilities2026-04-02
OSV
linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle vulnerabilities2026-04-02
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2026-04-01

📋Vendor Advisories

52
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-15
Ubuntu
Linux kernel (HWE) vulnerabilities2026-04-09
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-06
Ubuntu
Linux kernel vulnerabilities2026-04-02
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-02
CVE-2025-21735 — Out-of-bounds Write in Linux | cvebase