CVE-2025-38428

Опубликовано: 25 июл. 2025

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory corruption when we do "memcpy(fragment->data, rec->data, len);"

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2383462kernel: Input: ims-pcu - check record size in ims_pcu_flash_firmware()

EPSS

Процентиль: 7%

0.00032

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-38428

ubuntu

25 дней назад

CVE-2025-38428

nvd

25 дней назад

CVE-2025-38428

msrc

13 дней назад

Описание отсутствует

CVE-2025-38428

debian

25 дней назад

In the Linux kernel, the following vulnerability has been resolved: I ...

GHSA-733g-xvvm-2g6j

github

25 дней назад

EPSS

Процентиль: 7%

0.00032

Низкий

5.5 Medium

CVSS3