-

CVE-2025-38142

EPSS 0.03%
Veröffentlicht 03.07.2025 08:35:43
Zuletzt bearbeitet 03.07.2025 15:13:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (asus-ec-sensors) check sensor index in read_string()

Prevent a potential invalid memory access when the requested sensor
is not found.

find_ec_sensor_index() may return a negative value (e.g. -ENOENT),
but its result was used without checking, which could lead to
undefined behavior when passed to get_sensor_info().

Add a proper check to return -EINVAL if sensor_index is negative.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[groeck: Return error code returned from find_ec_sensor_index]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 6bf529ce84dccc0074dbc704e70aee4aa545057e

Version d0ddfd241e5719d696bc0b081e260db69d368668

Status affected

Version < 4e9e45746b861ebd54c03ef301da2cb8fc990536

Version d0ddfd241e5719d696bc0b081e260db69d368668

Status affected

Version < 19bd9cde38dd4ca1771aed7afba623e7f4247c8e

Version d0ddfd241e5719d696bc0b081e260db69d368668

Status affected

Version < 7eeb3df6f07a886bdfd52757ede127a59a8784dc

Version d0ddfd241e5719d696bc0b081e260db69d368668

Status affected

Version < 25be318324563c63cbd9cb53186203a08d2f83a1

Version d0ddfd241e5719d696bc0b081e260db69d368668

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.142

Status unaffected

Version <= 6.6.*

Version 6.6.94

Status unaffected

Version <= 6.12.*

Version 6.12.34

Status unaffected

Version <= 6.15.*

Version 6.15.3

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/6bf529ce84dccc0074dbc704e70aee4aa545057e

https://git.kernel.org/stable/c/4e9e45746b861ebd54c03ef301da2cb8fc990536

https://git.kernel.org/stable/c/19bd9cde38dd4ca1771aed7afba623e7f4247c8e

https://git.kernel.org/stable/c/7eeb3df6f07a886bdfd52757ede127a59a8784dc

https://git.kernel.org/stable/c/25be318324563c63cbd9cb53186203a08d2f83a1

https://nvd.nist.gov/vuln/detail/CVE-2025-38142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38142

EUVD