PT-2025-35952 · Linux+5 · Linux Kernel+5

Published 2025-05-19 · Updated 2026-04-20 · CVE-2025-38679

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The event_seq_changed() handler in the Linux kernel does not validate the payload size against the message length, potentially leading to out-of-bounds memory access if the firmware provides a property count exceeding the available data. This condition can result in kernel crashes or information leaks. The issue is related to processing a variable number of properties sent by the firmware. The fix involves validating the remaining payload size before each property access and updating bounds accordingly during parsing to ensure safe operation within the received message buffer.

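The bounds-tracking pattern the description refers to, as an added user-space example (not the kernel's code or the upstream patch). The message layout, type ids, struct and function names are hypothetical: a u32 property count followed by typed records, with every read checked against the bytes that remain.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical layout: u32 count, then `count` records of { u32 type; body }. */
enum { PROP_FRAME_SIZE = 1, PROP_PROFILE = 2 };   /* hypothetical type ids */
struct seq_info { uint32_t width, height, profile; };

/* Consume one u32 only if it fits in what is left, then shrink the bound. */
static int take_u32(const uint8_t **p, size_t *rem, uint32_t *out)
{
    if (*rem < sizeof(*out))
        return -1;
    memcpy(out, *p, sizeof(*out));
    *p += sizeof(*out);
    *rem -= sizeof(*out);
    return 0;
}

/* Returns 0 on success, -1 if the count or any record overruns the message. */
int parse_props(const void *msg, size_t len, struct seq_info *si)
{
    const uint8_t *p = msg;
    size_t rem = len;
    uint32_t count, type;

    if (take_u32(&p, &rem, &count))
        return -1;
    while (count--) {             /* count is untrusted: never index by it alone */
        if (take_u32(&p, &rem, &type))
            return -1;
        if (type == PROP_FRAME_SIZE) {
            if (take_u32(&p, &rem, &si->width) || take_u32(&p, &rem, &si->height))
                return -1;
        } else if (type != PROP_PROFILE || take_u32(&p, &rem, &si->profile)) {
            return -1;            /* unknown type, or truncated profile body */
        }
    }
    return 0;
}

/* Constructed sample messages (native-endian u32 words). */
static const uint32_t good_msg[] = { 2, PROP_FRAME_SIZE, 1920, 1080, PROP_PROFILE, 3 };
static const uint32_t lying_msg[] = { 5, PROP_FRAME_SIZE, 1920, 1080 }; /* count > data */
static struct seq_info info;

int main(void)
{
    return parse_props(good_msg, sizeof(good_msg), &info) != 0 ||
           parse_props(lying_msg, sizeof(lying_msg), &info) != -1;
}
```

A parser that loops on the sender-supplied count without tracking `rem` would read past `lying_msg` on the second record; here the same input is rejected.
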
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

AZL-66863
AZL-73821
BDU:2025-15766
CVE-2025-38679
DLA-4328-1
DSA-6009-1
ECHO-5AF3-025F-F424
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu