CVE-2025-38680
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only ensured that the buffer has at least 3 bytes (buflen > 2), buf the function accesses buffer[3], requiring at least 4 bytes. This can lead to an out-of-bounds read if the buffer has exactly 3 bytes. Fix it by checking that the buffer has at least 4 bytes in uvc_parse_format().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-38680
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 6.1.153
linux kernel 5.10.244
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read in the Linux kernel's uvcvideo media driver. Specifically, the function uvc_parse_format() accesses the fourth byte of a buffer (buffer[3]) without ensuring the buffer is at least 4 bytes long. The prior check only ensured the buffer had more than 2 bytes (at least 3 bytes), which is insufficient. If the buffer has exactly 3 bytes, this leads to reading beyond the buffer boundary, causing an out-of-bounds read.

Impact Analysis

An out-of-bounds read can potentially lead to information disclosure or cause the system to behave unexpectedly, such as crashing or exposing sensitive memory contents. However, the exact impact depends on how the uvcvideo driver is used and whether an attacker can exploit this out-of-bounds read to gain unauthorized information or cause denial of service.

Mitigation Strategies

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the uvcvideo 1-byte out-of-bounds read issue in uvc_parse_format(). Ensure that your system is running the patched kernel where the buffer length check requires at least 4 bytes before accessing buffer[3].

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38680. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart