CVE-2025-38422

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue in the networking subsystem related to the lan743x driver. The vulnerability involves incorrect handling of EEPROM and OTP sizes for PCI1xxxx devices, potentially leading to out-of-bounds read/write operations. The maximum OTP and EEPROM sizes for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. The issue is resolved by adjusting maximum size definitions and ensuring the correct EEPROM length is returned based on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

AZL-73040

BDU:2025-10955

CVE-2025-38422

DLA-4328-1

DSA-5973-1

ECHO-276D-1EBB-BA22

MGASA-2025-0218

MGASA-2025-0219

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Linuxmint

Linux Kernel

Pci1Xxxx

Red Os

Ubuntu

Hearthstone Pci1Xxxx

Lan743X

CVE-2025-38422

Weakness Enumeration

Related Identifiers

Affected Products

References · 1325