CVE-2025-38429
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-11-19
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mhi_ep_ring_add_element function, where the read pointer (rd_offset) is updated before the buffer is fully written. This premature update can cause race conditions, allowing the host to access an uninitialized or incomplete buffer element, which may lead to data corruption.
How can this vulnerability impact me?
The vulnerability can lead to data corruption because the host might read buffer data before it is completely written. This can cause system instability, incorrect data processing, or application errors depending on how the affected buffer is used.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the mhi_ep_ring_add_element function has been fixed to update the read pointer (rd_offset) only after the buffer is fully written. This prevents race conditions and data corruption by ensuring the host does not access incomplete elements.
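The ordering problem described in the answers above can be reproduced in a simplified, single-threaded user-space model. This is an added example, not the kernel's mhi_ep_ring_add_element code: apart from rd_offset, every name here (struct ring, host_poll, add_element, demo, STALE) is hypothetical, and the host is simulated by a poll placed in the window between the two steps.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#define RING_SIZE 4
#define STALE 0xDEADBEEFu   /* constructed marker: slot not yet written */
enum order { PUBLISH_THEN_WRITE, WRITE_THEN_PUBLISH };
struct ring {
    uint32_t el[RING_SIZE];      /* element memory the host reads */
    _Atomic uint32_t rd_offset;  /* offset published to the host */
    uint32_t host_seen;          /* host's private cursor, kept here for brevity */
};

/* Host side: consume whatever the published offset says is ready. */
static uint32_t host_poll(struct ring *r, uint32_t *got)
{
    uint32_t rd = atomic_load_explicit(&r->rd_offset, memory_order_acquire), n = 0;
    for (; r->host_seen != rd; r->host_seen = (r->host_seen + 1) % RING_SIZE, n++)
        *got = r->el[r->host_seen];
    return n;
}

/* Adds one element while the host polls between the two steps; returns what the host read. */
static uint32_t add_element(struct ring *r, uint32_t val, enum order o)
{
    uint32_t old = atomic_load(&r->rd_offset), next = (old + 1) % RING_SIZE, got = 0, n;
    if (o == PUBLISH_THEN_WRITE) {   /* ordering the page describes as flawed */
        atomic_store_explicit(&r->rd_offset, next, memory_order_release);
        n = host_poll(r, &got);
        r->el[old] = val;
    } else {                         /* fixed: element is complete before it is published */
        r->el[old] = val;
        n = host_poll(r, &got);
        atomic_store_explicit(&r->rd_offset, next, memory_order_release);
    }
    if (n == 0) host_poll(r, &got);  /* host polls again after the call returns */
    return got;
}

static uint32_t demo(enum order o)
{
    struct ring r = { .el = { STALE, STALE, STALE, STALE } };  /* offsets start at 0 */
    return add_element(&r, 0x1234u, o);
}

int main(void)
{
    printf("flawed: 0x%X fixed: 0x%X\n", (unsigned)demo(PUBLISH_THEN_WRITE), (unsigned)demo(WRITE_THEN_PUBLISH));
    return 0;
}
```

In the flawed ordering the simulated host consumes the stale slot contents; with the write placed first it sees nothing until the element is complete.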