CVE-2025-38428

Опубликовано: 25 июл. 2025

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory corruption when we do "memcpy(fragment->data, rec->data, len);"

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2383462kernel: Input: ims-pcu - check record size in ims_pcu_flash_firmware()

EPSS

Процентиль: 22%

0.00071

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-38428

ubuntu

4 месяца назад

CVE-2025-38428

nvd

4 месяца назад

CVE-2025-38428

CVSS3: 7.8

msrc

3 месяца назад

Input: ims-pcu - check record size in ims_pcu_flash_firmware()

CVE-2025-38428

debian

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: I ...

GHSA-733g-xvvm-2g6j

github

4 месяца назад

EPSS

Процентиль: 22%

0.00071

Низкий

5.5 Medium

CVSS3