CVE-2025-38342
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-12-16
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (inc) |
| debian | debian_linux | 11.0 |
| linux | linux_kernel | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds (OOB) check issue in the Linux kernel function software_node_get_reference_args(). The function attempts to access the @index-th element of a property value, but the existing OOB check does not properly ensure that the property value has enough bytes to safely access that element. This can lead to out-of-bounds access when the property is malformed. The fix involves correcting the OOB check to properly verify that the property length is sufficient before accessing the element.
How can this vulnerability impact me? :
This vulnerability can cause out-of-bounds memory access in the Linux kernel, which may lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service if they can supply malformed properties to trigger the flaw.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel that includes the correction for the out-of-bounds (OOB) check in software_node_get_reference_args(). This fix ensures proper bounds checking to prevent OOB access caused by malformed properties.