CVE-2025-38422
Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-12-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices

Maximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. Adjust max size definitions and return correct EEPROM length based on device. Also prevent out-of-bound read/write.

Meta Information
Published: 2025-07-25
Last Modified: 2025-12-23
Generated: 2026-05-27
AI Q&A: 2025-07-25
EPSS Evaluated: 2026-05-25
NVD

Affected Vendors & Products
Showing 5 associated CPEs

Vendor | Product | Version / Range
linux | linux_kernel | From 4.19 (inc) to 6.1.142 (exc)
linux | linux_kernel | From 6.2 (inc) to 6.6.95 (exc)
linux | linux_kernel | From 6.7 (inc) to 6.12.35 (exc)
linux | linux_kernel | From 6.13 (inc) to 6.15.4 (exc)
debian | debian_linux | 11.0

CWE ID: NVD-CWE-noinfo

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's network driver for PCI1xxxx devices (lan743x). It relates to incorrect definitions of the maximum sizes for EEPROM and OTP memory areas, which could lead to out-of-bound read or write operations. The fix adjusts the maximum size definitions and ensures the correct EEPROM length is returned based on the device, preventing these out-of-bound memory accesses.


How can this vulnerability impact me?

The vulnerability could allow out-of-bound read or write operations on the EEPROM or OTP memory of affected PCI1xxxx devices, potentially leading to system instability, data corruption, or security issues such as unauthorized memory access.

