PT-2025-29062 · Linux+4 · Linux Kernel+4

Published: 2025-05-23 · Updated: 2026-04-20 · CVE-2025-38340

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the cs_dsp firmware code that may lead to an out-of-bounds memory read access. This issue was identified through KASAN (Kernel Address Sanitizer) reporting during a KUnit test. The root cause is related to incorrect handling of string lengths during memory allocation within the cs_dsp_mock_bin_add_name_or_info() function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2025-08801
CVE-2025-38340
ECHO-E565-A038-D17A
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1

Affected Products

Astra Linux
Debian
Linux Kernel
Linuxmint
Ubuntu