Linux Kernel Vulnerability in Sierra USB Driver
CVE-2025-38474

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 July 2025

What is CVE-2025-38474?

A vulnerability exists in the Sierra USB driver of the Linux kernel: the driver does not adequately check for a status endpoint. It verifies that three endpoints are present and that two of them are bulk input and bulk output, but it does not verify that the third endpoint is an interrupt input. This oversight could lead to unexpected behavior or security issues. The resolution is to rectify the omission so that the driver's integrity is preserved and potential exploitation is prevented.
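
The gap described above, shown as an added userspace model; this is not the kernel driver's code and not taken from the fix. The struct, the function names (`check_incomplete`, `check_complete`) and the sample descriptors are assumptions constructed for illustration; only the bit masks follow the USB endpoint descriptor layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model for illustration only; not kernel code. Constants follow
 * the USB endpoint descriptor layout. */
#define EP_DIR_IN    0x80 /* bEndpointAddress bit 7: device-to-host */
#define EP_XFER_MASK 0x03 /* bmAttributes bits 1..0: transfer type */
#define EP_XFER_BULK 0x02
#define EP_XFER_INT  0x03

struct ep_desc { uint8_t bEndpointAddress; uint8_t bmAttributes; };

/* Count endpoints with the given transfer type and direction. */
static size_t count_eps(const struct ep_desc *eps, size_t n, uint8_t type, bool in)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        bool is_in = (eps[i].bEndpointAddress & EP_DIR_IN) != 0;
        if ((eps[i].bmAttributes & EP_XFER_MASK) == type && is_in == in)
            hits++;
    }
    return hits;
}

/* Incomplete check as the advisory describes it: three endpoints, with
 * bulk IN and bulk OUT present. The third endpoint's type is never examined. */
bool check_incomplete(const struct ep_desc *eps, size_t n)
{
    return n == 3 && count_eps(eps, n, EP_XFER_BULK, true) == 1 &&
           count_eps(eps, n, EP_XFER_BULK, false) == 1;
}

/* Complete check: the remaining endpoint must be interrupt IN (status). */
bool check_complete(const struct ep_desc *eps, size_t n)
{
    return check_incomplete(eps, n) && count_eps(eps, n, EP_XFER_INT, true) == 1;
}

/* Constructed sample descriptors (not taken from any real device). */
const struct ep_desc good_iface[3]    = { {0x81, 0x02}, {0x02, 0x02}, {0x83, 0x03} };
const struct ep_desc iso_iface[3]     = { {0x81, 0x02}, {0x02, 0x02}, {0x83, 0x01} };
const struct ep_desc int_out_iface[3] = { {0x81, 0x02}, {0x02, 0x02}, {0x03, 0x03} };

int main(void)
{
    printf("iso third ep: incomplete=%d complete=%d\n",
           check_incomplete(iso_iface, 3), check_complete(iso_iface, 3));
    return 0;
}
```

Both the isochronous and the interrupt-OUT samples pass the count-and-bulk check yet are rejected once the third endpoint's type and direction are verified.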

Affected Version(s)

Linux eb4fd8cd355c8ec425a12ec6cbdac614e8a4819d < 5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9

Linux eb4fd8cd355c8ec425a12ec6cbdac614e8a4819d < 5dd6a441748dad2f02e27b256984ca0b2d4546b6

Linux eb4fd8cd355c8ec425a12ec6cbdac614e8a4819d < 65c666aff44eb7f9079c55331abd9687fb77ba2d

Timeline

  • Vulnerability published

  • Vulnerability Reserved
