CVE-2025-38600 — Off-by-one Error in Linux

CWE-193 — Off-by-one Error5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 94.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedAug 19

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to prevent an out of bounds access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel6.16

▶CVEListV5linux/linux8284815ca161e0fa0861cc4085f1c0141e10a34d — 4d80d4fa986c5da99042b66bf30a028e7f564156+2

▶debiandebian/linux

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-6gmp-c74h-hhc2: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and↗2025-08-19

▶

OSV

CVE-2025-38600: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and s↗2025-08-19

▶

📋Vendor Advisories

Red Hat

kernel: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan()↗2025-08-19

▶

Debian

CVE-2025-38600: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76:...↗2025

▶