Linux Kernel Vulnerability in CXUSB Media Driver by Linux Foundation
CVE-2025-38229
What is CVE-2025-38229?
A vulnerability has been identified in the CXUSB media driver within the Linux kernel. It is triggered when a USB bulk message write fails and a variable is then used without having been initialized. Specifically, when the write operation of usb_bulk_msg() fails and the length (rlen) is 1, the subsequent read operation from the device does not occur. Consequently, a critical variable, i, is not initialized, which can result in unreliable behavior and potential security risks in systems utilizing this driver.
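The failure mode described above, reduced to a user-space model. This is an added example, not the kernel driver's code or the upstream patch. The names model_generic_rw, xfer_unchecked and xfer_checked, the 0xAA poison byte standing in for uninitialized memory, and the 0x08 reply byte are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POISON 0xAA   /* constructed: stands in for uninitialized memory */
#define REPLY  0x08   /* constructed: byte the modelled device sends back */

/* Hypothetical write-then-read helper. The read phase runs only when the
 * write succeeded and rlen > 0. Returns 0 on success, negative on error. */
static int model_generic_rw(int write_fails, unsigned char *rbuf, size_t rlen)
{
    if (write_fails)
        return -1;                /* write failed: rbuf is never filled */
    if (rlen > 0)
        memset(rbuf, REPLY, rlen);
    return 0;
}

/* Flawed caller: ignores the return value and inspects the receive buffer
 * anyway. Returns the byte it would treat as the device's answer. */
static int xfer_unchecked(int write_fails)
{
    unsigned char ibuf = POISON;
    model_generic_rw(write_fails, &ibuf, 1);
    return ibuf;                  /* stale contents when the write failed */
}

/* Corrected caller: the receive buffer is consulted only after the whole
 * transfer reported success; otherwise the error is propagated. */
static int xfer_checked(int write_fails)
{
    unsigned char ibuf = POISON;
    int ret = model_generic_rw(write_fails, &ibuf, 1);
    if (ret < 0)
        return ret;
    return ibuf;
}

int main(void)
{
    printf("unchecked, write fails: 0x%02x\n", xfer_unchecked(1));
    printf("checked,   write fails: %d\n", xfer_checked(1));
    printf("checked,   write ok:    0x%02x\n", xfer_checked(0));
    return 0;
}
```

In the kernel the stale byte is genuinely uninitialized rather than a fixed pattern, which is why instrumented builds such as KMSAN report this class of bug as an uninit-value read.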
Affected Version(s)
Linux 22c6d93a73105fddd58796d7cb10f5f90ee2a338 < 390b864e3281802109dfe56e508396683e125653
Linux 22c6d93a73105fddd58796d7cb10f5f90ee2a338 < 41807a5f67420464ac8ee7741504f6b5decb3b7c
Linux 22c6d93a73105fddd58796d7cb10f5f90ee2a338 < 84eca597baa346f09b30accdaeca10ced3eeba2d