EEPROM and OTP Size Modification Vulnerability in Linux Kernel for PCI1xxxx Devices
CVE-2025-38422
Currently unrated
What is CVE-2025-38422?
The lan743x network driver in the Linux kernel has a vulnerability involving the EEPROM and OTP sizes it uses for PCI1xxxx devices. The fix adjusts the maximum size definitions, which prevents potential out-of-bounds read and write operations. It also ensures the driver returns an accurate EEPROM length based on device specifications, improving the stability and safety of data handling in the affected driver.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6b4201d74d0a49af2123abf2c9d142e59566714b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 088279ff18cdc437d6fac5890e0c52c624f78a5b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 51318d644c993b3f7a60b8616a6a5adc1e967cd2