5.5
CVE-2025-38429
- EPSS 0.16%
- Veröffentlicht 25.07.2025 15:15:27
- Zuletzt bearbeitet 19.11.2025 18:59:56
- CVE-Watchlists
- Unerledigt
bus: mhi: ep: Update read pointer only after buffer is written
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially causing race conditions where the host sees an updated read pointer before the buffer is actually written. Updating rd_offset prematurely can lead to the host accessing an uninitialized or incomplete element, resulting in data corruption. Invoke the buffer write before updating rd_offset to ensure the element is fully written before signaling its availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.19 < 6.6.95
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.35
Linux ≫ Linux Kernel Version >= 6.13 < 6.15.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.05 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://git.kernel.org/stable/c/0007ef098dab48f1ba58364c40b4809f1e21b130
https://git.kernel.org/stable/c/44b9620e82bbec2b9a6ac77f63913636d84f96dc
https://git.kernel.org/stable/c/6f18d174b73d0ceeaa341f46c0986436b3aefc9a
https://git.kernel.org/stable/c/f704a80d9fa268e51a6cc5242714502c3c1fa605