PT-2025-27738 · Linux+6 · Linux Kernel+6
Published
2025-05-20
·
Updated
2026-05-26
·
CVE-2025-38153
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A vulnerability in the Linux kernel has been identified, related to the aqc111 driver. The issue arises from incomplete sanitation of USB read calls' results, which can lead to the MAC address being only partly initialized, triggering KMSAN warnings. This problem is similar to one previously fixed in the asix driver. The vulnerability can cause uninit values to be stored in memory, potentially leading to issues with the
is valid ether addr function and the aqc111 bind function. The aqc111 read cmd function does not properly check its results, and the usbnet read cmd may read fewer bytes than expected.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu