CVE-2025-21735 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

NFC: nci: Add bounds checking in nci_hci_create_pipe()

The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate().

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 05/25/2026

The vulnerability identified as CVE-2025-21735 resides within the Linux kernel's NFC (Near Field Communication) subsystem, specifically within the NCI (NFC Controller Interface) layer responsible for managing communication between NFC controllers and upper layer protocols. This flaw manifests in the nci_hci_create_pipe() function where insufficient input validation leads to potential memory corruption issues. The vulnerability represents a classic case of improper bounds checking that can be exploited through maliciously crafted network data, making it particularly concerning for systems that process NFC communications from untrusted sources.

The technical implementation of this vulnerability stems from a fundamental type casting and validation issue where the pipe variable is defined as a u8 (unsigned 8-bit integer) but receives input from external network sources without proper validation. When the pipe value exceeds 127, which represents the maximum value for a signed 8-bit integer, the function fails to properly handle this boundary condition. This overflow condition causes the memory layout to become corrupted as the system attempts to process what should be a valid pipe identifier but instead becomes an invalid memory reference. The corruption specifically impacts the nci_hci_connect_gate() caller function, which relies on the pipe parameter for proper gate connection operations.

The operational impact of this vulnerability extends beyond simple memory corruption, as it can lead to system instability, potential privilege escalation, and denial of service conditions within NFC-enabled devices. Systems utilizing the Linux kernel's NFC stack for mobile payments, access control, or device pairing operations face significant risk when this vulnerability is present. The attack vector requires an adversary to send specially crafted NFC data to a vulnerable system, making it particularly relevant for mobile devices, IoT systems, and any platform that processes NFC communications from external sources. This vulnerability can be classified under CWE-129 as "Improper Validation of Array Index" and aligns with ATT&CK technique T1068 for "Exploitation for Privilege Escalation" when exploited in system contexts.

Mitigation strategies for CVE-2025-21735 should prioritize applying the kernel patch that implements proper bounds checking for the pipe variable within the nci_hci_create_pipe() function. System administrators should ensure all NFC-enabled devices receive the latest kernel updates, particularly those running versions prior to the patched release. Additional defensive measures include implementing network segmentation for NFC communications, monitoring for anomalous NFC traffic patterns, and employing input validation at multiple layers of the NFC stack. The fix should enforce that pipe values remain within valid ranges and implement proper error handling for out-of-bounds conditions, preventing the memory corruption that occurs when values exceed 127. Organizations should also consider implementing runtime protections such as kernel address space layout randomization and stack canaries to reduce the effectiveness of potential exploitation attempts.

Responsible

Linux

Reservation

12/29/2024

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00231

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!