CVE-2025-38497

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero. This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning immediately.

CVSS

No CVSS.

References

Link	Resource
https://git.kernel.org/stable/c/22b7897c289cc25d99c603f5144096142a30d897
https://git.kernel.org/stable/c/2798111f8e504ac747cce911226135d50b8de468
https://git.kernel.org/stable/c/3014168731b7930300aab656085af784edc861f6
https://git.kernel.org/stable/c/58bdd5160184645771553ea732da5c2887fc9bd1
https://git.kernel.org/stable/c/783ea37b237a9b524f1e5ca018ea17d772ee0ea0

Configurations

No configuration.

History

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: configfs: Corrección de lectura OOB en escritura de cadena vacía. Al escribir una cadena vacía en los atributos sysfs 'qw_sign' o 'landingPage', las funciones de almacenamiento intentan acceder a page[l - 1] antes de validar que la longitud 'l' sea mayor que cero. Este parche corrige la vulnerabilidad añadiendo una comprobación al inicio de os_desc_qw_sign_store() y webusb_landingPage_store() para gestionar correctamente la entrada de longitud cero, retornando inmediatamente.

28 Jul 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-28 12:15

Updated : 2025-07-29 14:14

NVD link : CVE-2025-38497

Mitre link : CVE-2025-38497

CVE.ORG link : CVE-2025-38497

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-38497

Attach tags to `CVE-2025-38497`