CVE-2025-38330 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read18 documents7 sources

Severity

7.1HIGHNVD

OSV5.6

EPSS

0.0%

top 91.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedJul 10

Latest updateNov 4

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) KASAN reported out of bounds access - cs_dsp_ctl_cache_init_multiple_offsets(). The code uses mock_coeff_template.length_bytes (4 bytes) for register value allocations. But later, this length is set to 8 bytes which causes test code failures. As fix, just remove the lenght override, keeping the original value 4 for all operations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel6.14 — 6.15.4

▶msrcmsrc/azl3_kernel_6.6.92.2-2_on_azure_linux_3.0

▶CVEListV5linux/linux9b33a4fc500cedc1adc9c0ee01e30ffd50e5887a — e3dafc64b90546eb769f33333afabd9e3e915757+2

▶debiandebian/linux

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-hwe-6.14 vulnerabilities↗2025-11-04

▶

OSV

linux-gcp-6.14 vulnerabilities↗2025-10-31

▶

OSV

linux-aws-6.14 vulnerabilities↗2025-10-24

▶

OSV

linux-realtime-6.14 vulnerabilities↗2025-10-22

▶

OSV

linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14 vulnerabilities↗2025-10-22

▶

📋Vendor Advisories

Ubuntu

Linux kernel (HWE) vulnerabilities↗2025-11-04

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2025-10-31

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2025-10-24

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-10-22

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2025-10-22

▶