CVE-2025-38286
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-12-18
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (inc) |
| debian | debian_linux | 11.0 |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This bug is in the Linux kernel's pinctrl driver for Microchip/Atmel AT91 SoCs (drivers/pinctrl/pinctrl-at91.c). at91_gpio_probe() looks up the "gpio" OF (device tree) alias of the bank being probed and uses the result directly as an index into the driver's fixed-size gpio_chips array. It never checked whether that alias exists or whether the lookup returned an error (a negative errno), so a missing or malformed alias produces an index outside the array and hence the out-of-bounds access classified as CWE-125. The only guard on the index was a BUG_ON(); because BUG()/BUG_ON() can be compiled out when CONFIG_BUG is disabled, that guard cannot be relied on, and the fix validates the alias explicitly before it is used as an index.
How can this vulnerability impact me?
The unchecked index leads to an out-of-bounds read of gpio_chips while the driver probes, which can crash the kernel or leave the GPIO banks misconfigured, i.e. a denial of service on affected AT91 platforms. The index comes from the device tree's gpio aliases, so the trigger is a missing or malformed alias in the device tree the kernel boots with, not input an unprivileged user supplies at runtime. As with any kernel out-of-bounds access, worse outcomes cannot be excluded, but the issue is classified as an out-of-bounds read and nothing on this page indicates a path to arbitrary code execution from this bug alone.
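To make the failure mode concrete, the following is an added, constructed C model of the two patterns described above; it is not the driver's code and not from BaseFortify or kernel.org. It contrasts an index guarded only by BUG_ON(), which vanishes when the kernel is built without CONFIG_BUG, with the explicit range check a hardened probe performs before indexing. The names gpio_chips, MAX_GPIO_BANKS and struct at91_gpio_chip mirror the driver; the struct body, the fake_of_alias_get_id() stand-in for of_alias_get_id(), the backing banks[] array, and the no-op BUG_ON() expansion (modelled on the kernel's !CONFIG_BUG fallback) are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the at91 driver's chip table. gpio_chips,
 * MAX_GPIO_BANKS and struct at91_gpio_chip are the driver's names; the
 * struct body and banks[] are placeholders (assumption). */
#define MAX_GPIO_BANKS 5
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct at91_gpio_chip { int bank; };
static struct at91_gpio_chip banks[MAX_GPIO_BANKS];        /* backing storage */
static struct at91_gpio_chip *gpio_chips[MAX_GPIO_BANKS];  /* indexed by alias */

/* BUG_ON() as modelled for a kernel built without CONFIG_BUG: the guard
 * disappears from the object code. With CONFIG_BUG defined it traps. */
#ifdef CONFIG_BUG
#define BUG_ON(cond) do { if (cond) { fprintf(stderr, "kernel BUG\n"); abort(); } } while (0)
#else
#define BUG_ON(cond) do { } while (0)
#endif

/* Stand-in for of_alias_get_id(np, "gpio"): the device tree yields either
 * an alias index or a negative errno such as -ENODEV when no "gpioN" alias
 * exists. The value is passed in directly so the model runs offline. */
static int fake_of_alias_get_id(int alias_from_dt)
{
	return alias_from_dt;
}

/* Vulnerable pattern: the only bounds guard is BUG_ON() and the sign of the
 * index is never examined. Returns the index the driver would go on to use
 * for gpio_chips[alias_idx]; the dereference itself is left out so that this
 * model stays safe to execute. */
static int index_guarded_only_by_bug_on(int alias_from_dt)
{
	int alias_idx = fake_of_alias_get_id(alias_from_dt);

	BUG_ON((size_t)alias_idx >= ARRAY_SIZE(gpio_chips)); /* no-op without CONFIG_BUG */
	return alias_idx;   /* e.g. -ENODEV or 7 would become an array index */
}

/* Hardened probe: reject lookup errors and out-of-range aliases before the
 * table is touched. Returns 0 on success or a negative errno. */
static int at91_probe_hardened(int alias_from_dt)
{
	int alias_idx = fake_of_alias_get_id(alias_from_dt);

	if (alias_idx < 0)
		return alias_idx;                 /* lookup failed: propagate -ENODEV etc. */
	if ((size_t)alias_idx >= ARRAY_SIZE(gpio_chips))
		return -EINVAL;                   /* alias present but beyond the table */
	if (gpio_chips[alias_idx])
		return -EBUSY;                    /* bank already registered */

	banks[alias_idx].bank = alias_idx;
	gpio_chips[alias_idx] = &banks[alias_idx];
	return 0;
}

/* Helper: forget every registered bank (used between runs). */
static void reset_gpio_chips(void)
{
	for (size_t i = 0; i < ARRAY_SIZE(gpio_chips); i++)
		gpio_chips[i] = NULL;
}

int main(void)
{
	/* Constructed DT outcomes: missing alias, alias past the table, valid alias. */
	const int dt_cases[] = { -ENODEV, MAX_GPIO_BANKS + 2, 2 };

	for (size_t i = 0; i < ARRAY_SIZE(dt_cases); i++)
		printf("alias %d: unchecked index -> %d, hardened probe -> %d\n",
		       dt_cases[i],
		       index_guarded_only_by_bug_on(dt_cases[i]),
		       at91_probe_hardened(dt_cases[i]));
	return 0;
}
```

Compile it once as-is and once with -DCONFIG_BUG to see the difference: without CONFIG_BUG the unchecked path hands back -19 (ENODEV) or 7 as the index the real driver would use for gpio_chips[], while the hardened path refuses both before any array access.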