CVE-2025-38548

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (corsair-cpro) Validate the size of the received input buffer

Add buffer_recv_size to store the size of the received bytes.
Validate buffer_recv_size in send_usb_cmd().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
6.1.147-1
fixed
trixie (security)
6.12.41-1
fixed
forky
vulnerable
sid
vulnerable
trixie
vulnerable
References
https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743
https://git.kernel.org/stable/c/2771d2ee3d95700f34e1e4df6a445c90565cd4e9
https://git.kernel.org/stable/c/3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8
https://git.kernel.org/stable/c/495a4f0dce9c8c4478c242209748f1ee9e4d5820
https://git.kernel.org/stable/c/eda5e38cc4dd2dcb422840540374910ef2818494