7.8

CVE-2025-38548

hwmon: (corsair-cpro) Validate the size of the received input buffer

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (corsair-cpro) Validate the size of the received input buffer

Add buffer_recv_size to store the size of the received bytes.
Validate buffer_recv_size in send_usb_cmd().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.9 < 5.10.241
LinuxLinux Kernel Version >= 5.11 < 5.15.190
LinuxLinux Kernel Version >= 5.16 < 6.1.147
LinuxLinux Kernel Version >= 6.2 < 6.6.100
LinuxLinux Kernel Version >= 6.7 < 6.12.40
LinuxLinux Kernel Version >= 6.13 < 6.15.8
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
LinuxLinux Kernel Version6.16 Updaterc5
LinuxLinux Kernel Version6.16 Updaterc6
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.047
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743
Patch
https://git.kernel.org/stable/c/eda5e38cc4dd2dcb422840540374910ef2818494
Patch
https://git.kernel.org/stable/c/3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8
Patch
https://git.kernel.org/stable/c/2771d2ee3d95700f34e1e4df6a445c90565cd4e9
Patch
https://git.kernel.org/stable/c/495a4f0dce9c8c4478c242209748f1ee9e4d5820
Patch
https://git.kernel.org/stable/c/2e6f4d9cfbda52700c126c5a2b93dd2042e8680c
Patch
https://git.kernel.org/stable/c/4eb5cc48399f89b63acdbfe912fa5c8fe2900147
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List