CVE-2025-38497
BaseFortify
Publication date: 2025-07-28
Last updated on: 2026-01-07
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 3.16 (inc) to 5.4.297 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.241 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.190 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.147 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.100 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.40 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.8 (exc) |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's USB gadget configfs subsystem. When an empty string is written to the 'qw_sign' or 'landingPage' sysfs attributes, the code attempts to read memory before properly checking if the string length is greater than zero. This results in an out-of-bounds (OOB) read. The issue is fixed by adding a check to handle zero-length input safely, preventing the invalid memory access.
How can this vulnerability impact me? :
The vulnerability can lead to an out-of-bounds memory read when writing empty strings to certain USB gadget configfs attributes. This could potentially cause system instability or crashes, and might be exploitable to leak sensitive information from kernel memory, depending on the context and attacker capabilities.