CVE-2025-38474

In the Linux kernel, the following vulnerability has been resolved:

usb: net: sierra: check for no status endpoint

The driver checks for having three endpoints and
having bulk in and out endpoints, but not that
the third endpoint is interrupt input.
Rectify the omission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie (security)
vulnerable
sid
vulnerable
trixie
vulnerable
References
https://git.kernel.org/stable/c/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158
https://git.kernel.org/stable/c/5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9
https://git.kernel.org/stable/c/5dd6a441748dad2f02e27b256984ca0b2d4546b6
https://git.kernel.org/stable/c/65c666aff44eb7f9079c55331abd9687fb77ba2d
https://git.kernel.org/stable/c/bfe8ef373986e8f185d3d6613eb1801a8749837a