CVE-2025-38330
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds (OOB) memory read access issue in the Linux kernel's firmware component cs_dsp, specifically in the KUnit test for ctl cache. The problem arises because the code initially uses a length of 4 bytes for register value allocations but later overrides this length to 8 bytes, causing memory access beyond the allocated bounds. The fix involved removing the length override to keep the original 4-byte length for all operations.
How can this vulnerability impact me? :
This vulnerability can cause out-of-bounds memory reads during testing, which may lead to test code failures and potentially unstable or unpredictable behavior in the affected firmware component. While the description focuses on test code failures, out-of-bounds memory access can sometimes lead to security issues such as information disclosure or system crashes.