CVE-2025-38159
Published: Jul 3, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

```c
void rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)
{
	...
	SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);
	SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));
	...
	SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));
```

Detected using the static analysis tool - Svace.
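The size arithmetic behind the fix, as an added user-space example that is not kernel code: `para[0]` is the op code and `&para[1]` must point at 5 readable bytes, so the array needs 6. The names `h2c_model`, `bt_wifi_control_checked`, `bt_wifi_control_overread` and the two length macros are hypothetical and stand in for the driver's H2C packet and call site.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t u8;

/* Bytes the callee dereferences through 'data': *data .. *(data + 4). */
#define BT_WIFI_CONTROL_DATA_LEN 5
/* para[0] is the op_code, para[1..5] is the data: 6 bytes in total. */
#define BT_WIFI_CONTROL_PARA_LEN (1 + BT_WIFI_CONTROL_DATA_LEN)

/* Hypothetical stand-in for the H2C packet the SET_..._DATAn macros fill. */
struct h2c_model {
    u8 op_code;
    u8 data[BT_WIFI_CONTROL_DATA_LEN];
};

/*
 * Hypothetical checked wrapper with the same access pattern as
 * rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1]). The caller states the
 * real size of 'para'; returns -1 if the call would read past its end.
 */
int bt_wifi_control_checked(const u8 *para, size_t para_len, struct h2c_model *pkt)
{
    if (para == NULL || pkt == NULL || para_len < BT_WIFI_CONTROL_PARA_LEN)
        return -1;
    pkt->op_code = para[0];
    memcpy(pkt->data, &para[1], BT_WIFI_CONTROL_DATA_LEN);
    return 0;
}

/* Number of bytes read beyond a 'para' buffer of the given size (0 if none). */
size_t bt_wifi_control_overread(size_t para_len)
{
    return para_len >= BT_WIFI_CONTROL_PARA_LEN ? 0 : BT_WIFI_CONTROL_PARA_LEN - para_len;
}

int main(void)
{
    u8 before[2] = {0};                    /* array size before the fix */
    u8 after[6] = {0x11, 1, 2, 3, 4, 5};   /* constructed sample values */
    struct h2c_model pkt;
    int rc_before = bt_wifi_control_checked(before, sizeof(before), &pkt);
    int rc_after = bt_wifi_control_checked(after, sizeof(after), &pkt);

    printf("size 2: rc=%d over-read=%zu\n", rc_before, bt_wifi_control_overread(sizeof(before)));
    printf("size 6: rc=%d over-read=%zu\n", rc_after, bt_wifi_control_overread(sizeof(after)));
    return 0;
}
```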
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 4136214f7c46839c15f0f177fe1d5052302c0205 - < 1ee8ea6937d13b20f90ff35d71ccc03ba448182d; affected 4136214f7c46839c15f0f177fe1d5052302c0205 - < 68a1037f0bac4de9a585aa9c879ef886109f3647; affected 4136214f7c46839c15f0f177fe1d5052302c0205 - < 74e18211c2c89ab66c9546baa7408288db61aa0d; affected 4136214f7c46839c15f0f177fe1d5052302c0205 - < c13255389499275bc5489a0b5b7940ccea3aef04; affected 4136214f7c46839c15f0f177fe1d5052302c0205 - < 9febcc8bded8be0d7efd8237fcef599b6d93b788; +1 more versions |
| Linux | Linux | affected 5.4; unaffected 0 - < 5.4; unaffected 5.15.186 - <= 5.15.*; unaffected 6.1.142 - <= 6.1.*; unaffected 6.6.94 - <= 6.6.*; +3 more versions |
References