#VU112807 Input validation error in Linux kernel - CVE-2025-38348


Vulnerability identifier: #VU112807

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38348

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the p54_rx_eeprom_readback() function in drivers/net/wireless/intersil/p54/txrx.c, within the p54_download_eeprom() function in drivers/net/wireless/intersil/p54/fwio.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0e4dc150423b829c35cbcf399481ca11594fc036
https://git.kernel.org/stable/c/12134f79e53eb56b0b0b7447fa0c512acf6a8422
https://git.kernel.org/stable/c/1f7f8168abe8cbe845ab8bb557228d44784a6b57
https://git.kernel.org/stable/c/6d05390d20f110de37d051a3e063ef0a542d01fb
https://git.kernel.org/stable/c/714afb4c38edd19a057d519c1f9c5d164b43de94
https://git.kernel.org/stable/c/9701f842031b825e2fd5f22d064166f8f13f6e4d
https://git.kernel.org/stable/c/da1b9a55ff116cb040528ef664c70a4eec03ae99
https://git.kernel.org/stable/c/f39b2f8c1549a539846e083790fad396ef6cd802

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP1 update for kernel
openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
Ubuntu update for linux-hwe-6.14
Ubuntu update for linux-gcp-6.14
Ubuntu update for linux-aws-6.14
Anolis OS update for kernel:6.6
Ubuntu update for linux
Ubuntu update for linux-azure
Ubuntu update for linux-realtime-6.14