CVE-2025-38680
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | 6.1.153 |
| linux | kernel | 5.10.244 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the Linux kernel's uvcvideo media driver. Specifically, the function uvc_parse_format() accesses the fourth byte of a buffer (buffer[3]) without ensuring the buffer is at least 4 bytes long. The prior check only ensured the buffer had more than 2 bytes (at least 3 bytes), which is insufficient. If the buffer has exactly 3 bytes, this leads to reading beyond the buffer boundary, causing an out-of-bounds read.
How can this vulnerability impact me? :
An out-of-bounds read can potentially lead to information disclosure or cause the system to behave unexpectedly, such as crashing or exposing sensitive memory contents. However, the exact impact depends on how the uvcvideo driver is used and whether an attacker can exploit this out-of-bounds read to gain unauthorized information or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the uvcvideo 1-byte out-of-bounds read issue in uvc_parse_format(). Ensure that your system is running the patched kernel where the buffer length check requires at least 4 bytes before accessing buffer[3].