PT-2025-27728 · Linux+6 · Linux Kernel+6

Published

2025-04-24

·

Updated

2026-04-20

·

CVE-2025-38142

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A potential invalid memory access issue has been identified in the Linux kernel, specifically in the asus-ec-sensors component of the hwmon subsystem. The find ec sensor index() function may return a negative value, but its result was used without proper checking, potentially leading to undefined behavior when passed to get sensor info(). This issue could be exploited to cause undefined behavior when the requested sensor is not found. The problem was discovered by the Linux Verification Center with SVACE.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

NULL Pointer Dereference

Weakness Enumeration

CWE-119CWE-476

Related Identifiers

AZL-64523
BDU:2025-09636
CVE-2025-38142
DLA-4328-1
DSA-5973-1
ECHO-AB95-3F36-FECD
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-1823
OESA-2025-1824
OESA-2025-1870
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu