7.1

CVE-2025-38342

software node: Correct a OOB check in software_node_get_reference_args()

In the Linux kernel, the following vulnerability has been resolved:

software node: Correct a OOB check in software_node_get_reference_args()

software_node_get_reference_args() wants to get @index-th element, so
the property value requires at least '(index + 1) * sizeof(*ref)' bytes
but that can not be guaranteed by current OOB check, and may cause OOB
for malformed property.

Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.0 < 5.10.239
LinuxLinux Kernel Version >= 5.11 < 5.15.186
LinuxLinux Kernel Version >= 5.16 < 6.1.142
LinuxLinux Kernel Version >= 6.2 < 6.6.95
LinuxLinux Kernel Version >= 6.7 < 6.12.35
LinuxLinux Kernel Version >= 6.13 < 6.15.4
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.058
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/142acd739eb6f08c148a96ae8309256f1422ff4b
Patch
https://git.kernel.org/stable/c/56ce76e8d406cc72b89aee7931df5cf3f18db49d
Patch
https://git.kernel.org/stable/c/9324127b07dde8529222dc19233aa57ec810856c
Patch
https://git.kernel.org/stable/c/f9397cf7bfb680799fb8c7f717c8f756384c3280
Patch
https://git.kernel.org/stable/c/4b3383110b6df48e0ba5936af2cb68d5eb6bd43b
Patch
https://git.kernel.org/stable/c/7af18e42bdefe1dba5bcb32555a4d524fd504939
Patch
https://git.kernel.org/stable/c/31e4e12e0e9609850cefd4b2e1adf782f56337d6
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html