CVE-2025-38422

Published: Jul 25, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Maximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. Adjust max size definitions and return correct EEPROM length based on device. Also prevent out-of-bound read/write.

Vendor	Product	Versions
Linux	Linux	affected `695846047aa9b4bb387473a9fd227a51ae7de5e9 - < 6b4201d74d0a49af2123abf2c9d142e59566714b` affected `695846047aa9b4bb387473a9fd227a51ae7de5e9 - < 088279ff18cdc437d6fac5890e0c52c624f78a5b` affected `695846047aa9b4bb387473a9fd227a51ae7de5e9 - < 51318d644c993b3f7a60b8616a6a5adc1e967cd2` affected `695846047aa9b4bb387473a9fd227a51ae7de5e9 - < 9c41d2a2aa3817946eb613522200cab55513ddaa` affected `695846047aa9b4bb387473a9fd227a51ae7de5e9 - < 3b9935586a9b54d2da27901b830d3cf46ad66a1e`
Linux	Linux	affected `4.19` unaffected `0 - < 4.19` unaffected `6.1.142 - <= 6.1.` unaffected `6.6.95 - <= 6.6.` unaffected `6.12.35 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/6b4201d74d0a49af2123abf2c9d142e59566714b

https://git.kernel.org/stable/c/088279ff18cdc437d6fac5890e0c52c624f78a5b

https://git.kernel.org/stable/c/51318d644c993b3f7a60b8616a6a5adc1e967cd2

https://git.kernel.org/stable/c/9c41d2a2aa3817946eb613522200cab55513ddaa

https://git.kernel.org/stable/c/3b9935586a9b54d2da27901b830d3cf46ad66a1e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-38422

Description

Affected Products

References