CVE-2025-38497
published 2025-07-28CVE-2025-38497: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: configfs: Fix OOB read on empty string write
When writing an empty string to either 'qw_sign' or 'landingPage'
sysfs attributes, the store functions attempt to access page[l - 1]
before validating that the length 'l' is greater than zero.
This patch fixes the vulnerability by adding a check at the beginning
of os_desc_qw_sign_store() and webusb_landingPage_store() to handle
the zero-length input case gracefully by returning immediately.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 78b41148cfea2a3f04d87adf3a71b21735820a37 | 78b41148cfea2a3f04d87adf3a71b21735820a37 |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < d68b7c8fefbaeae8f065b84e40cf64baf4cc0c76 | d68b7c8fefbaeae8f065b84e40cf64baf4cc0c76 |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 15a87206879951712915c03c8952a73d6a74721e | 15a87206879951712915c03c8952a73d6a74721e |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 2798111f8e504ac747cce911226135d50b8de468 | 2798111f8e504ac747cce911226135d50b8de468 |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 58bdd5160184645771553ea732da5c2887fc9bd1 | 58bdd5160184645771553ea732da5c2887fc9bd1 |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 783ea37b237a9b524f1e5ca018ea17d772ee0ea0 | 783ea37b237a9b524f1e5ca018ea17d772ee0ea0 |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 22b7897c289cc25d99c603f5144096142a30d897 | 22b7897c289cc25d99c603f5144096142a30d897 |
| linux | linux | >= 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 3014168731b7930300aab656085af784edc861f6 | 3014168731b7930300aab656085af784edc861f6 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 3.16 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.147 | 6.1.147 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.8 | 6.15.8 |
| linux | linux_kernel | >= 6.2 < 6.6.100 | 6.6.100 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH