CVE-2025-38173

MEDIUM EPSS 4.7%
Published Jul 3, 2025 (12mo ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: marvell/cesa - Handle zero-length skcipher requests

Do not access random memory for zero-length skcipher requests. Just return 0.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 4.7% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products 8

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.2 – <5.4.295
linux   linux_kernel  *        ≥5.5 – <5.10.239
linux   linux_kernel  *        ≥5.11 – <5.15.186
linux   linux_kernel  *        ≥5.16 – <6.1.142
linux   linux_kernel  *        ≥6.2 – <6.6.94
linux   linux_kernel  *        ≥6.7 – <6.12.34
linux   linux_kernel  *        ≥6.13 – <6.15.3
debian  debian_linux  11.0     any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/32d3e8049a8b60f18c5c39f5931bfb1130ac11c9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5e9666ac8b94c978690f937d59170c5237bd2c45
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7894694b5d5b2ecfd7fb081d6f60b9e169ab4d13
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78ea1ff6cb413a03ff6f7af4e28e24b4461a0965
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a4e047c6cc07676f637608a9dd675349b5de0a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c064ae2881d839709bd72d484d5f2af157f46024
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c9610dda42bd382a96f97e68825cb5f66cd9e1dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1cc69da619588b1488689fe3535a0ba75a2b0e7
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/32d3e8049a8b60f18c5c39f5931bfb1130ac11c9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5e9666ac8b94c978690f937d59170c5237bd2c45
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7894694b5d5b2ecfd7fb081d6f60b9e169ab4d13
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78ea1ff6cb413a03ff6f7af4e28e24b4461a0965
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a4e047c6cc07676f637608a9dd675349b5de0a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c064ae2881d839709bd72d484d5f2af157f46024
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c9610dda42bd382a96f97e68825cb5f66cd9e1dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1cc69da619588b1488689fe3535a0ba75a2b0e7
    Patch