CVE-2025-38406

Severity: Medium
CVSS 3.1: 5.5
EPSS: 6.8%
Published: Jul 25, 2025 (11mo ago)
Last Modified: Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath6kl: remove WARN on bad firmware input

If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is one of the top syzbot reports now. Just print a message, and as an added bonus, print the sizes too.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 6.8% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 10

Vendor  Product       Version  Range
linux   linux_kernel  *        <5.4.296
linux   linux_kernel  *        ≥5.5 – <5.10.240
linux   linux_kernel  *        ≥5.11 – <5.15.187
linux   linux_kernel  *        ≥5.16 – <6.1.144
linux   linux_kernel  *        ≥6.2 – <6.6.97
linux   linux_kernel  *        ≥6.7 – <6.12.37
linux   linux_kernel  *        ≥6.13 – <6.15.6
linux   linux_kernel  6.16     any
linux   linux_kernel  6.16     any
debian  debian_linux  11.0     any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/27d07deea35ae67f2e75913242e25bdb7e1114e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/327997afbb5e62532c28c1861ab5534c01969c9a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/347827bd0c5680dac2dd59674616840c4d5154f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46b47d4b06fa7f234d93f0f8ac43798feafcff89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a2afdc5af3b82b601f6a2f0d1c90d5f0bc27aeb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/89bd133529a4d2d68287128b357e49adc00ec690
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e6c49f0b203a987c306676d241066451b74db1a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7417421d89358da071fd2930f91e67c7128fbff
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/27d07deea35ae67f2e75913242e25bdb7e1114e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/327997afbb5e62532c28c1861ab5534c01969c9a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/347827bd0c5680dac2dd59674616840c4d5154f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46b47d4b06fa7f234d93f0f8ac43798feafcff89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a2afdc5af3b82b601f6a2f0d1c90d5f0bc27aeb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/89bd133529a4d2d68287128b357e49adc00ec690
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e6c49f0b203a987c306676d241066451b74db1a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7417421d89358da071fd2930f91e67c7128fbff
    Patch