-

CVE-2025-38680

EPSS 0.05%
Veröffentlicht 04.09.2025 15:32:35
Zuletzt bearbeitet 05.09.2025 17:47:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()

The buffer length check before calling uvc_parse_format() only ensured
that the buffer has at least 3 bytes (buflen > 2), buf the function
accesses buffer[3], requiring at least 4 bytes.

This can lead to an out-of-bounds read if the buffer has exactly 3 bytes.

Fix it by checking that the buffer has at least 4 bytes in
uvc_parse_format().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 9ad554217c9b945031c73df4e8176a475e2dea57

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < 1e269581b3aa5962fdc52757ab40da286168c087

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < 8343f3fe0b755925f83d60b05e92bf4396879758

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < ffdd82182953df643aa63d999b6f1653d0c93778

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < cac702a439050df65272c49184aef7975fe3eff2

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < 424980d33b3f816485513e538610168b03fab9f1

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < 6d4a7c0b296162354b6fc759a1475b9d57ddfaa6

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

Version < 782b6a718651eda3478b1824b37a8b3185d2740c

Version c0efd232929c2cd87238de2cccdaf4e845be5b0c

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.26

Status affected

Version < 2.6.26

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/9ad554217c9b945031c73df4e8176a475e2dea57

https://git.kernel.org/stable/c/1e269581b3aa5962fdc52757ab40da286168c087

https://git.kernel.org/stable/c/8343f3fe0b755925f83d60b05e92bf4396879758

https://git.kernel.org/stable/c/ffdd82182953df643aa63d999b6f1653d0c93778

https://git.kernel.org/stable/c/a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9

https://git.kernel.org/stable/c/cac702a439050df65272c49184aef7975fe3eff2

https://git.kernel.org/stable/c/424980d33b3f816485513e538610168b03fab9f1

https://git.kernel.org/stable/c/6d4a7c0b296162354b6fc759a1475b9d57ddfaa6

https://git.kernel.org/stable/c/782b6a718651eda3478b1824b37a8b3185d2740c

https://nvd.nist.gov/vuln/detail/CVE-2025-38680

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38680

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38680

EUVD