CVE-2025-38533

EUVD-2025-27888
In the Linux kernel, the following vulnerability has been resolved:

net: libwx: fix the using of Rx buffer DMA

The wx_rx_buffer structure contained two DMA address fields: 'dma' and
'page_dma'. However, only 'page_dma' was actually initialized and used
to program the Rx descriptor. But 'dma' was uninitialized and used in
some paths.

This could lead to undefined behavior, including DMA errors or
use-after-free, if the uninitialized 'dma' was used. Althrough such
error has not yet occurred, it is worth fixing in the code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.3 ≤
𝑥
< 6.6.100
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.40
linuxlinux_kernel
6.13 ≤
𝑥
< 6.15.8
linuxlinux_kernel
6.16:rc1
linuxlinux_kernel
6.16:rc2
linuxlinux_kernel
6.16:rc3
linuxlinux_kernel
6.16:rc4
linuxlinux_kernel
6.16:rc5
linuxlinux_kernel
6.16:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
not-affected
bookworm (security)
6.1.162-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.249-1
fixed
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
6.12.73-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/027701180a7bcb64c42eab291133ef0c87b5b6c5
https://git.kernel.org/stable/c/05c37b574997892a40a0e9b9b88a481566b2367d
https://git.kernel.org/stable/c/5fd77cc6bd9b368431a815a780e407b7781bcca0
https://git.kernel.org/stable/c/ba7c793f96c1c2b944bb6f423d7243f3afc30fe9