QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-38428

Back to search

CVE-2025-38428

Published: Jul 25, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory corruption when we do "memcpy(fragment->data, rec->data, len);"

VendorProductVersions

Linux

Linux

affected
628329d52474323938a03826941e166bc7c8eff4 - < c1b9d140b0807c6aee4bb53e1bfa4e391e3dc204
affected
628329d52474323938a03826941e166bc7c8eff4 - < d63706d9f73846106fde28b284f08e01b92ce9f1
affected
628329d52474323938a03826941e166bc7c8eff4 - < e5a2481dc2a0b430f49276d7482793a8923631d6
affected
628329d52474323938a03826941e166bc7c8eff4 - < 8e03f1c7d50343bf21da54873301bc4fa647479f
affected
628329d52474323938a03826941e166bc7c8eff4 - < 17474a56acf708bf6b2d174c06ed26abad0a9fd6

+3 more versions

Linux

Linux

affected
3.10
unaffected
0 - < 3.10
unaffected
5.4.295 - <= 5.4.*
unaffected
5.10.239 - <= 5.10.*
unaffected
5.15.186 - <= 5.15.*

+5 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now