CVE-2025-38533
BaseFortify
Publication date: 2025-08-16
Last updated on: 2025-11-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's network driver code related to the wx_rx_buffer structure. The structure has two DMA address fields: 'dma' and 'page_dma'. Only 'page_dma' was properly initialized and used, but 'dma' was left uninitialized and yet used in some code paths. This can cause undefined behavior such as DMA errors or use-after-free conditions if the uninitialized 'dma' field is accessed.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to undefined behavior in the system, including DMA errors or use-after-free bugs. These issues might cause system instability, crashes, or potential security risks related to memory corruption. However, no such errors have been reported yet.