We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38428

Input: ims-pcu - check record size in ims_pcu_flash_firmware()



Description

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory corruption when we do "memcpy(fragment->data, rec->data, len);"

Reserved 2025-04-16 | Published 2025-07-25 | Updated 2025-07-25 | Assigner Linux

Product status

Default status
unaffected

628329d52474323938a03826941e166bc7c8eff4 before c1b9d140b0807c6aee4bb53e1bfa4e391e3dc204
affected

628329d52474323938a03826941e166bc7c8eff4 before d63706d9f73846106fde28b284f08e01b92ce9f1
affected

628329d52474323938a03826941e166bc7c8eff4 before e5a2481dc2a0b430f49276d7482793a8923631d6
affected

628329d52474323938a03826941e166bc7c8eff4 before 8e03f1c7d50343bf21da54873301bc4fa647479f
affected

628329d52474323938a03826941e166bc7c8eff4 before 17474a56acf708bf6b2d174c06ed26abad0a9fd6
affected

628329d52474323938a03826941e166bc7c8eff4 before 5a8cd6ae8393e2eaebf51d420d5374821ef2af87
affected

628329d52474323938a03826941e166bc7c8eff4 before 74661516daee1eadebede8dc607b6830530096ec
affected

628329d52474323938a03826941e166bc7c8eff4 before a95ef0199e80f3384eb992889322957d26c00102
affected

Default status
affected

3.10
affected

Any version before 3.10
unaffected

5.4.295
unaffected

5.10.239
unaffected

5.15.186
unaffected

6.1.142
unaffected

6.6.95
unaffected

6.12.35
unaffected

6.15.4
unaffected

6.16-rc1
unaffected

References

git.kernel.org/...c/c1b9d140b0807c6aee4bb53e1bfa4e391e3dc204

git.kernel.org/...c/d63706d9f73846106fde28b284f08e01b92ce9f1

git.kernel.org/...c/e5a2481dc2a0b430f49276d7482793a8923631d6

git.kernel.org/...c/8e03f1c7d50343bf21da54873301bc4fa647479f

git.kernel.org/...c/17474a56acf708bf6b2d174c06ed26abad0a9fd6

git.kernel.org/...c/5a8cd6ae8393e2eaebf51d420d5374821ef2af87

git.kernel.org/...c/74661516daee1eadebede8dc607b6830530096ec

git.kernel.org/...c/a95ef0199e80f3384eb992889322957d26c00102

cve.org (CVE-2025-38428)

nvd.nist.gov (CVE-2025-38428)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38428

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.