exploitDog

CVE-2025-38548

Опубликовано: 16 авг. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (corsair-cpro) Validate the size of the received input buffer

Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().

Ссылки

https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743
Patch
https://git.kernel.org/stable/c/2771d2ee3d95700f34e1e4df6a445c90565cd4e9
Patch
https://git.kernel.org/stable/c/2e6f4d9cfbda52700c126c5a2b93dd2042e8680c
Patch
https://git.kernel.org/stable/c/3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8
Patch
https://git.kernel.org/stable/c/495a4f0dce9c8c4478c242209748f1ee9e4d5820
Patch
https://git.kernel.org/stable/c/4eb5cc48399f89b63acdbfe912fa5c8fe2900147
Patch
https://git.kernel.org/stable/c/eda5e38cc4dd2dcb422840540374910ef2818494
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.9 (включая) до 5.10.241 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.190 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.147 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.6.100 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.40 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.15.8 (исключая)

cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2025-38548

CVSS3: 7.8

ubuntu

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().

CVE-2025-38548

CVSS3: 5.5

redhat

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().

CVE-2025-38548

CVSS3: 5.5

msrc

5 месяцев назад

hwmon: (corsair-cpro) Validate the size of the received input buffer

CVE-2025-38548

CVSS3: 7.8

debian

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: h ...

GHSA-9m7r-fq3j-mfwq

CVSS3: 7.8

github

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo