THREATINT
PUBLISHED

CVE-2025-38391

usb: typec: altmodes/displayport: do not index invalid pin_assignments



Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: do not index invalid pin_assignments

A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access.

Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX value in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop condition.
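The bounds condition described above, shown as a userspace model added here for illustration; it is not the kernel's code. It assumes the partner's capabilities arrive as a bitmask with one bit per pin assignment, and the function names, enum values, table contents and sample masks are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model. Enum names follow the advisory; the values, the table
 * contents and the bitmask encoding are assumptions of this example. */
enum { DP_PIN_ASSIGN_A, DP_PIN_ASSIGN_B, DP_PIN_ASSIGN_C, DP_PIN_ASSIGN_D,
       DP_PIN_ASSIGN_E, DP_PIN_ASSIGN_F, DP_PIN_ASSIGN_MAX };

static const char *const pin_assignments[DP_PIN_ASSIGN_MAX] = {
    [DP_PIN_ASSIGN_A] = "A", [DP_PIN_ASSIGN_B] = "B", [DP_PIN_ASSIGN_C] = "C",
    [DP_PIN_ASSIGN_D] = "D", [DP_PIN_ASSIGN_E] = "E", [DP_PIN_ASSIGN_F] = "F",
};

/* Without the bound: count reads past the table instead of doing them. */
static int unbounded_oob_reads(unsigned int caps)
{
    int oob = 0;
    for (int i = 0; caps; caps >>= 1, i++)
        if ((caps & 1) && i >= DP_PIN_ASSIGN_MAX)
            oob++;
    return oob;
}

/* With the bound i < DP_PIN_ASSIGN_MAX. Needs size >= 1; returns length. */
static size_t show_pin_assignments(unsigned int caps, int cur,
                                   char *buf, size_t size)
{
    size_t len = 0;
    buf[0] = '\0';
    for (int i = 0; caps && i < DP_PIN_ASSIGN_MAX; caps >>= 1, i++) {
        if (!(caps & 1)) continue;
        int n = snprintf(buf + len, size - len, i == cur ? "[%s] " : "%s ",
                         pin_assignments[i]);
        if (n < 0 || (size_t)n >= size - len) {
            buf[len] = '\0';            /* drop the truncated entry */
            break;
        }
        len += (size_t)n;
    }
    return len;
}

int main(void)
{
    char buf[64];
    show_pin_assignments(0xff, DP_PIN_ASSIGN_C, buf, sizeof buf);
    printf("%s(out-of-range bits ignored: %d)\n", buf, unbounded_oob_reads(0xff));
    return 0;
}
```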

Reserved 2025-04-16 | Published 2025-07-25 | Updated 2025-07-25 | Assigner Linux

Product status

Default status
unaffected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before c93bc959788ed9a1af7df57cb539837bdf790cee
affected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before 114a977e0f6bf278e05eade055e13fc271f69cf7
affected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before 621d5a3ef0231ab242f2d31eecec40c38ca609c5
affected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before 2f535517b5611b7221ed478527e4b58e29536ddf
affected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before 45e9444b3b97eaf51a5024f1fea92f44f39b50c6
affected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before 5581e694d3a1c2f32c5a51d745c55b107644e1f8
affected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before 47cb5d26f61d80c805d7de4106451153779297a1
affected

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 before af4db5a35a4ef7a68046883bfd12468007db38f1
affected

Default status
affected

4.19
affected

Any version before 4.19
unaffected

5.4.296
unaffected

5.10.240
unaffected

5.15.187
unaffected

6.1.144
unaffected

6.6.97
unaffected

6.12.37
unaffected

6.15.6
unaffected

6.16-rc5
unaffected

References

git.kernel.org/...c/c93bc959788ed9a1af7df57cb539837bdf790cee

git.kernel.org/...c/114a977e0f6bf278e05eade055e13fc271f69cf7

git.kernel.org/...c/621d5a3ef0231ab242f2d31eecec40c38ca609c5

git.kernel.org/...c/2f535517b5611b7221ed478527e4b58e29536ddf

git.kernel.org/...c/45e9444b3b97eaf51a5024f1fea92f44f39b50c6

git.kernel.org/...c/5581e694d3a1c2f32c5a51d745c55b107644e1f8

git.kernel.org/...c/47cb5d26f61d80c805d7de4106451153779297a1

git.kernel.org/...c/af4db5a35a4ef7a68046883bfd12468007db38f1

cve.org (CVE-2025-38391)

nvd.nist.gov (CVE-2025-38391)
