CVE-2025-38680
published 2025-09-04CVE-2025-38680: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
The buffer length check before calling uvc_parse_format() only ensured
that the buffer has at least 3 bytes (buflen > 2), buf the function
accesses buffer[3], requiring at least 4 bytes.
This can lead to an out-of-bounds read if the buffer has exactly 3 bytes.
Fix it by checking that the buffer has at least 4 bytes in
uvc_parse_format().
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 9ad554217c9b945031c73df4e8176a475e2dea57 | 9ad554217c9b945031c73df4e8176a475e2dea57 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 1e269581b3aa5962fdc52757ab40da286168c087 | 1e269581b3aa5962fdc52757ab40da286168c087 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 8343f3fe0b755925f83d60b05e92bf4396879758 | 8343f3fe0b755925f83d60b05e92bf4396879758 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < ffdd82182953df643aa63d999b6f1653d0c93778 | ffdd82182953df643aa63d999b6f1653d0c93778 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9 | a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < cac702a439050df65272c49184aef7975fe3eff2 | cac702a439050df65272c49184aef7975fe3eff2 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 424980d33b3f816485513e538610168b03fab9f1 | 424980d33b3f816485513e538610168b03fab9f1 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 6d4a7c0b296162354b6fc759a1475b9d57ddfaa6 | 6d4a7c0b296162354b6fc759a1475b9d57ddfaa6 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 782b6a718651eda3478b1824b37a8b3185d2740c | 782b6a718651eda3478b1824b37a8b3185d2740c |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 2.6.27 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.149 | 6.1.149 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.11 | 6.15.11 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH