-

CVE-2025-38428

EPSS 0.04%
Veröffentlicht 25.07.2025 15:15:27
Zuletzt bearbeitet 25.07.2025 15:29:19
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

Input: ims-pcu - check record size in ims_pcu_flash_firmware()

The "len" variable comes from the firmware and we generally do
trust firmware, but it's always better to double check.  If the "len"
is too large it could result in memory corruption when we do
"memcpy(fragment->data, rec->data, len);"

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c1b9d140b0807c6aee4bb53e1bfa4e391e3dc204

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

Version < d63706d9f73846106fde28b284f08e01b92ce9f1

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

Version < e5a2481dc2a0b430f49276d7482793a8923631d6

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

Version < 8e03f1c7d50343bf21da54873301bc4fa647479f

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

Version < 17474a56acf708bf6b2d174c06ed26abad0a9fd6

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

Version < 5a8cd6ae8393e2eaebf51d420d5374821ef2af87

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

Version < 74661516daee1eadebede8dc607b6830530096ec

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

Version < a95ef0199e80f3384eb992889322957d26c00102

Version 628329d52474323938a03826941e166bc7c8eff4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.10

Status affected

Version < 3.10

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.295

Status unaffected

Version <= 5.10.*

Version 5.10.239

Status unaffected

Version <= 5.15.*

Version 5.15.186

Status unaffected

Version <= 6.1.*

Version 6.1.142

Status unaffected

Version <= 6.6.*

Version 6.6.95

Status unaffected

Version <= 6.12.*

Version 6.12.35

Status unaffected

Version <= 6.15.*

Version 6.15.4

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/17474a56acf708bf6b2d174c06ed26abad0a9fd6

https://git.kernel.org/stable/c/5a8cd6ae8393e2eaebf51d420d5374821ef2af87

https://git.kernel.org/stable/c/74661516daee1eadebede8dc607b6830530096ec

https://git.kernel.org/stable/c/8e03f1c7d50343bf21da54873301bc4fa647479f

https://git.kernel.org/stable/c/a95ef0199e80f3384eb992889322957d26c00102

https://git.kernel.org/stable/c/c1b9d140b0807c6aee4bb53e1bfa4e391e3dc204

https://git.kernel.org/stable/c/d63706d9f73846106fde28b284f08e01b92ce9f1

https://git.kernel.org/stable/c/e5a2481dc2a0b430f49276d7482793a8923631d6

https://nvd.nist.gov/vuln/detail/CVE-2025-38428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38428

EUVD