CVE-2025-38406
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-12-23
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 5.4.296 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.240 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.187 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.144 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.97 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.37 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.6 (exc) |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability relates to the Linux kernel's ath6kl wifi driver, where a WARN_ON() warning was triggered on receiving bad firmware input. The issue is that the warning did not add value because the bad input was not related to the driver's stack. The fix involved removing this warning and instead printing a message with the sizes of the input, addressing one of the top syzbot reports.
How can this vulnerability impact me? :
The vulnerability causes unnecessary warnings in the kernel logs when bad firmware input is received, which does not affect the driver's stack or functionality. While it may clutter logs and reports, it does not directly impact system security or stability.