CVE-2025-38548

HIGH EPSS 4.8%
Published Aug 16, 202510mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Aug 16, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥5.9  –  <5.10.241
linuxlinux_kernel*≥5.11  –  <5.15.190
linuxlinux_kernel*≥5.16  –  <6.1.147
linuxlinux_kernel*≥6.2  –  <6.6.100
linuxlinux_kernel*≥6.7  –  <6.12.40
linuxlinux_kernel*≥6.13  –  <6.15.8
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2771d2ee3d95700f34e1e4df6a445c90565cd4e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e6f4d9cfbda52700c126c5a2b93dd2042e8680c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/495a4f0dce9c8c4478c242209748f1ee9e4d5820
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4eb5cc48399f89b63acdbfe912fa5c8fe2900147
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eda5e38cc4dd2dcb422840540374910ef2818494
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2771d2ee3d95700f34e1e4df6a445c90565cd4e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e6f4d9cfbda52700c126c5a2b93dd2042e8680c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/495a4f0dce9c8c4478c242209748f1ee9e4d5820
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4eb5cc48399f89b63acdbfe912fa5c8fe2900147
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eda5e38cc4dd2dcb422840540374910ef2818494
    Patch