Error Handling Flaw in AQC111 Driver of Linux Kernel by Vendor
CVE-2025-38153
What is CVE-2025-38153?
A vulnerability in the AQC111 driver of the Linux kernel stems from inadequate error handling during USB read operations. Specifically, the function 'usbnet_read_cmd()' may return fewer bytes than requested, leading to improper initialization of critical variables like the MAC address in subsequent processing. This oversight can result in system warnings and instability. A fix has been implemented that verifies the number of bytes read against the expected count before the data is used, making the driver more robust against such short reads.
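The short-read pattern described above, as an added user-space example that is not the kernel driver's code or its patch. The names mock_read_cmd, read_mac_unchecked and read_mac_checked, the sample MAC, the poison byte and the -ENODATA return value are all assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>
#define MAC_LEN 6
#define POISON  0xAA  /* marks bytes the read never wrote */

static const unsigned char dev_mac[MAC_LEN] = {2, 0, 0, 0, 0, 1}; /* constructed sample MAC */

/* Hypothetical stand-in for a USB control read that may end early:
 * copies at most `avail` bytes and returns the number copied. */
static int mock_read_cmd(void *buf, size_t size, size_t avail)
{
    size_t n = avail < size ? avail : size;
    memcpy(buf, dev_mac, n);
    return (int)n;
}

/* Weak pattern: only a negative return counts as failure, so a short
 * read "succeeds" and the tail of mac[] is never written. */
int read_mac_unchecked(unsigned char mac[MAC_LEN], size_t avail)
{
    int ret = mock_read_cmd(mac, MAC_LEN, avail);
    return ret < 0 ? ret : 0;
}

/* Hardened pattern: any length other than the one requested is an error,
 * and the caller's buffer is written only after the check passes. */
int read_mac_checked(unsigned char mac[MAC_LEN], size_t avail)
{
    unsigned char tmp[MAC_LEN];
    int ret = mock_read_cmd(tmp, MAC_LEN, avail);
    if (ret != MAC_LEN)
        return ret < 0 ? ret : -ENODATA; /* error code chosen for this example */
    memcpy(mac, tmp, MAC_LEN);
    return 0;
}

/* Bytes of a poisoned buffer still unwritten after the unchecked read reports success. */
int stale_bytes_unchecked(size_t avail)
{
    unsigned char mac[MAC_LEN];
    int i, stale = 0;
    memset(mac, POISON, sizeof(mac));
    if (read_mac_unchecked(mac, avail) != 0)
        return -1;
    for (i = 0; i < MAC_LEN; i++)
        stale += (mac[i] == POISON);
    return stale;
}

/* Result of the checked read when the device supplies `avail` bytes. */
int checked_result(size_t avail) { unsigned char m[MAC_LEN]; return read_mac_checked(m, avail); }
```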
Affected Version(s)
Linux df2d59a2ab6c9ceac2c4104272fce03493b8f62f < 8c97655275482ef5384ce0501640630a0fc0f6f4
Linux df2d59a2ab6c9ceac2c4104272fce03493b8f62f < 11273279012c922f37cfb4dd95d142803fc07b98
Linux df2d59a2ab6c9ceac2c4104272fce03493b8f62f