CVE-2025-38391

MEDIUM · CVSS 3.1: 5.5 · EPSS 6.7%
Published Jul 25, 2025 (11mo ago) · Last Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: do not index invalid pin_assignments

A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access.

Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX value in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop condition.
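The loop bound described above, as an added user-space model in C; it is not the kernel's own code. The function names unbounded_last_index and show_bounded, the output buffer handling and the sample mask 0xC4 are assumptions made for illustration. The first function reports which index a loop bounded only by the partner's mask would reach (without reading the array), and the second formats the same mask with the i < DP_PIN_ASSIGN_MAX condition.

```c
#include <stdio.h>
#include <string.h>

/* Index names as in typec_dp.h; DP_PIN_ASSIGN_MAX is the bound the fix adds. */
enum { DP_PIN_ASSIGN_A, DP_PIN_ASSIGN_B, DP_PIN_ASSIGN_C, DP_PIN_ASSIGN_D,
       DP_PIN_ASSIGN_E, DP_PIN_ASSIGN_F, DP_PIN_ASSIGN_MAX };

static const char *const pin_assignments[] = {
    [DP_PIN_ASSIGN_A] = "A", [DP_PIN_ASSIGN_B] = "B", [DP_PIN_ASSIGN_C] = "C",
    [DP_PIN_ASSIGN_D] = "D", [DP_PIN_ASSIGN_E] = "E", [DP_PIN_ASSIGN_F] = "F",
};

/* Hypothetical helper: last index a loop bounded only by the partner's mask
 * would use. It never touches the array, so the model itself stays in bounds. */
static int unbounded_last_index(unsigned int assignments)
{
    int i, last = -1;
    for (i = 0; assignments; assignments >>= 1, i++)
        if (assignments & 1)
            last = i;
    return last;
}

/* Hypothetical model of the fixed loop: stops at DP_PIN_ASSIGN_MAX even when
 * higher bits are set. Returns the number of characters written to buf. */
static int show_bounded(unsigned int assignments, unsigned int cur,
                        char *buf, size_t size)
{
    size_t len = 0;
    unsigned int i;
    if (size == 0)
        return 0;
    for (i = 0; assignments && i < DP_PIN_ASSIGN_MAX; assignments >>= 1, i++) {
        if (!(assignments & 1))
            continue;
        int n = snprintf(buf + len, size - len, i == cur ? "[%s] " : "%s ",
                         pin_assignments[i]);
        if (n < 0 || (size_t)n >= size - len)
            break; /* would truncate: stop instead of running past buf */
        len += (size_t)n;
    }
    buf[len] = '\0'; /* len < size always holds here */
    return (int)len;
}

int main(void)
{
    char buf[32]; /* 0xC4 is constructed: bit 2 (C) plus invalid bits 6 and 7 */
    show_bounded(0xC4, DP_PIN_ASSIGN_C, buf, sizeof(buf));
    printf("unbounded reaches index %d, array has %d entries; bounded: %s\n",
           unbounded_last_index(0xC4), DP_PIN_ASSIGN_MAX, buf);
    return 0;
}
```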

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 12

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.19 – <5.4.296
linux   linux_kernel  *        ≥5.5 – <5.10.240
linux   linux_kernel  *        ≥5.11 – <5.15.187
linux   linux_kernel  *        ≥5.16 – <6.1.144
linux   linux_kernel  *        ≥6.2 – <6.6.97
linux   linux_kernel  *        ≥6.7 – <6.12.37
linux   linux_kernel  *        ≥6.13 – <6.15.6
linux   linux_kernel  6.16     any
linux   linux_kernel  6.16     any
linux   linux_kernel  6.16     any
linux   linux_kernel  6.16     any
debian  debian_linux  11.0     any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/114a977e0f6bf278e05eade055e13fc271f69cf7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f535517b5611b7221ed478527e4b58e29536ddf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/45e9444b3b97eaf51a5024f1fea92f44f39b50c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47cb5d26f61d80c805d7de4106451153779297a1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5581e694d3a1c2f32c5a51d745c55b107644e1f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/621d5a3ef0231ab242f2d31eecec40c38ca609c5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af4db5a35a4ef7a68046883bfd12468007db38f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c93bc959788ed9a1af7df57cb539837bdf790cee
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/114a977e0f6bf278e05eade055e13fc271f69cf7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f535517b5611b7221ed478527e4b58e29536ddf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/45e9444b3b97eaf51a5024f1fea92f44f39b50c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47cb5d26f61d80c805d7de4106451153779297a1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5581e694d3a1c2f32c5a51d745c55b107644e1f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/621d5a3ef0231ab242f2d31eecec40c38ca609c5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af4db5a35a4ef7a68046883bfd12468007db38f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c93bc959788ed9a1af7df57cb539837bdf790cee
    Patch