-

CVE-2025-38497

EPSS 0.04%
Published 28.07.2025 11:22:05
Last modified 28.08.2025 15:15:51
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: configfs: Fix OOB read on empty string write

When writing an empty string to either 'qw_sign' or 'landingPage'
sysfs attributes, the store functions attempt to access page[l - 1]
before validating that the length 'l' is greater than zero.

This patch fixes the vulnerability by adding a check at the beginning
of os_desc_qw_sign_store() and webusb_landingPage_store() to handle
the zero-length input case gracefully by returning immediately.

Affected products Warnungen 0 Metrics 1 CWE 0 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 78b41148cfea2a3f04d87adf3a71b21735820a37

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d68b7c8fefbaeae8f065b84e40cf64baf4cc0c76

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 15a87206879951712915c03c8952a73d6a74721e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 2798111f8e504ac747cce911226135d50b8de468

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 58bdd5160184645771553ea732da5c2887fc9bd1

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 783ea37b237a9b524f1e5ca018ea17d772ee0ea0

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 22b7897c289cc25d99c603f5144096142a30d897

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 3014168731b7930300aab656085af784edc861f6

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.147

Status unaffected

Version <= 6.6.*

Version 6.6.100

Status unaffected

Version <= 6.12.*

Version 6.12.40

Status unaffected

Version <= 6.15.*

Version 6.15.8

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/2798111f8e504ac747cce911226135d50b8de468

https://git.kernel.org/stable/c/58bdd5160184645771553ea732da5c2887fc9bd1

https://git.kernel.org/stable/c/783ea37b237a9b524f1e5ca018ea17d772ee0ea0

https://git.kernel.org/stable/c/22b7897c289cc25d99c603f5144096142a30d897

https://git.kernel.org/stable/c/3014168731b7930300aab656085af784edc861f6

https://git.kernel.org/stable/c/15a87206879951712915c03c8952a73d6a74721e

https://git.kernel.org/stable/c/78b41148cfea2a3f04d87adf3a71b21735820a37

https://git.kernel.org/stable/c/d68b7c8fefbaeae8f065b84e40cf64baf4cc0c76

https://nvd.nist.gov/vuln/detail/CVE-2025-38497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38497

EUVD