EEPROM and OTP Size Modification Vulnerability in Linux Kernel for PCI1xxxx Devices
CVE-2025-38422
What is CVE-2025-38422?
The lan743x network driver in the Linux kernel has a vulnerability concerning the EEPROM and OTP sizes it uses for PCI1xxxx devices. The fix adjusts the maximum size definitions to prevent potential out-of-bounds read and write operations. It also ensures that the EEPROM length the driver returns is accurate for the device's specifications, which improves the stability and safety of data handling in the affected driver.

Affected Version(s)
Linux 695846047aa9b4bb387473a9fd227a51ae7de5e9 < 6b4201d74d0a49af2123abf2c9d142e59566714b
Linux 695846047aa9b4bb387473a9fd227a51ae7de5e9 < 088279ff18cdc437d6fac5890e0c52c624f78a5b
Linux 695846047aa9b4bb387473a9fd227a51ae7de5e9 < 51318d644c993b3f7a60b8616a6a5adc1e967cd2