Buffer Validation Issue in Corsair CPRO Hardware Monitoring Driver
CVE-2025-38548
Currently unrated
What is CVE-2025-38548?
A vulnerability was identified in the Corsair CPRO hardware monitoring driver in the Linux kernel: the size of the input buffer was not properly validated. If exploited, this oversight could pose a security risk, as it allows manipulation of buffer sizes in the send_usb_cmd() function. A fix has been implemented that validates the size of the received input.
Affected Version(s)
Linux 40c3a445422579db8ad96c234dbe6c0ab3f6b936 < 0db770e2922389753ddbd6663a5516a32b97b743
Linux 40c3a445422579db8ad96c234dbe6c0ab3f6b936
Linux 40c3a445422579db8ad96c234dbe6c0ab3f6b936 < 3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8