Buffer Overflow Vulnerability in Linux Kernel Affects Intersil p54 WiFi Devices
CVE-2025-38348
What is CVE-2025-38348?
A vulnerability in the Linux kernel's p54 driver allows a malicious USB device masquerading as an Intersil p54 WiFi interface to trigger a buffer overflow. The overflow occurs when an attacker sends a crafted eeprom_readback message that exceeds the expected length, leading to potential crashes or system instability. The fix validates EEPROM lengths before processing, so the driver no longer relies on potentially tampered values.
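The length validation described above, as a user-space C sketch added here for illustration; it is not the kernel patch or the driver's code. The struct layouts, the names handle_readback and run_case, and the buffer sizes are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLICE_MAX 16  /* constructed size of the host-side EEPROM buffer */

/* Hypothetical readback message; every field is controlled by the device. */
struct readback_msg {
    uint16_t len;       /* length the device claims to return */
    uint8_t  data[64];  /* payload bytes as received */
};

/* Hypothetical host state recorded when the read was issued. */
struct host_state {
    uint16_t requested_len;      /* trusted: chosen by the host */
    uint8_t  eeprom[SLICE_MAX];
    uint8_t  canary[4];          /* stands in for adjacent memory */
};

/* msg_size is the number of bytes received. Returns 0 on copy, -1 on reject. */
int handle_readback(struct host_state *st, const struct readback_msg *msg,
                    size_t msg_size)
{
    /* The host's own request must fit the destination buffer. */
    if (st->requested_len == 0 || st->requested_len > sizeof(st->eeprom))
        return -1;
    /* The frame must actually contain the bytes about to be read. */
    if (msg_size < offsetof(struct readback_msg, data) + st->requested_len)
        return -1;
    /* A reply whose claimed length differs from the request is dropped. */
    if (msg->len != st->requested_len)
        return -1;
    /* Copy with the trusted length, never with msg->len. */
    memcpy(st->eeprom, msg->data, st->requested_len);
    return 0;
}

/* Feeds one constructed message through the handler; reports canary state. */
int run_case(uint16_t claimed, size_t msg_size, int *canary_ok)
{
    static const uint8_t pat[4] = { 0xA5, 0xA5, 0xA5, 0xA5 };
    struct host_state st = { .requested_len = SLICE_MAX };
    struct readback_msg msg = { .len = claimed };
    memcpy(st.canary, pat, sizeof(pat));
    memset(msg.data, 0x41, sizeof(msg.data));
    int rc = handle_readback(&st, &msg, msg_size);
    *canary_ok = memcmp(st.canary, pat, sizeof(pat)) == 0;
    return rc;
}
```

The handler treats the length stored by the host as the only trusted size: the device-supplied field is compared against it and is never passed to memcpy.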
Affected Version(s)
Linux 7cb770729ba895f73253dfcd46c3fcba45d896f9 < 12134f79e53eb56b0b0b7447fa0c512acf6a8422
Linux 7cb770729ba895f73253dfcd46c3fcba45d896f9 < 9701f842031b825e2fd5f22d064166f8f13f6e4d
Linux 7cb770729ba895f73253dfcd46c3fcba45d896f9 < 1f7f8168abe8cbe845ab8bb557228d44784a6b57