CVE-2025-38497
Published: Jul 28, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero. This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning immediately.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 87213d388e927aaa88b21d5ff7e1f75ca2288da1 - < 78b41148cfea2a3f04d87adf3a71b21735820a37affected 87213d388e927aaa88b21d5ff7e1f75ca2288da1 - < d68b7c8fefbaeae8f065b84e40cf64baf4cc0c76affected 87213d388e927aaa88b21d5ff7e1f75ca2288da1 - < 15a87206879951712915c03c8952a73d6a74721eaffected 87213d388e927aaa88b21d5ff7e1f75ca2288da1 - < 2798111f8e504ac747cce911226135d50b8de468affected 87213d388e927aaa88b21d5ff7e1f75ca2288da1 - < 58bdd5160184645771553ea732da5c2887fc9bd1+3 more versions |
Linux | Linux | affected 3.16unaffected 0 - < 3.16unaffected 5.4.297 - <= 5.4.*unaffected 5.10.241 - <= 5.10.*unaffected 5.15.190 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now