7.1
CVE-2025-38497
- EPSS 0.01%
- Veröffentlicht 28.07.2025 11:22:05
- Zuletzt bearbeitet 07.01.2026 16:26:35
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero. This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning immediately.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.16 < 5.4.297
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.241
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.190
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.147
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.100
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.40
Linux ≫ Linux Kernel Version >= 6.13 < 6.15.8
Linux ≫ Linux Kernel Version6.16 Updaterc1
Linux ≫ Linux Kernel Version6.16 Updaterc2
Linux ≫ Linux Kernel Version6.16 Updaterc3
Linux ≫ Linux Kernel Version6.16 Updaterc4
Linux ≫ Linux Kernel Version6.16 Updaterc5
Linux ≫ Linux Kernel Version6.16 Updaterc6
Debian ≫ Debian Linux Version11.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.021 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.