software node: Correct a OOB check in software_node_get_reference_args()
Summary
| CVE | CVE-2025-38342 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-07-10 09:15:29 UTC |
| Updated | 2026-05-12 13:16:48 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'. |
Risk And Classification
Primary CVSS: v3.1 7.1 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Problem Types: CWE-125
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 59abd83672f70cac4b6bf9b237506c5bc6837606 142acd739eb6f08c148a96ae8309256f1422ff4b git | Not specified |
| CNA | Linux | Linux | affected 59abd83672f70cac4b6bf9b237506c5bc6837606 56ce76e8d406cc72b89aee7931df5cf3f18db49d git | Not specified |
| CNA | Linux | Linux | affected 59abd83672f70cac4b6bf9b237506c5bc6837606 9324127b07dde8529222dc19233aa57ec810856c git | Not specified |
| CNA | Linux | Linux | affected 59abd83672f70cac4b6bf9b237506c5bc6837606 f9397cf7bfb680799fb8c7f717c8f756384c3280 git | Not specified |
| CNA | Linux | Linux | affected 59abd83672f70cac4b6bf9b237506c5bc6837606 4b3383110b6df48e0ba5936af2cb68d5eb6bd43b git | Not specified |
| CNA | Linux | Linux | affected 59abd83672f70cac4b6bf9b237506c5bc6837606 7af18e42bdefe1dba5bcb32555a4d524fd504939 git | Not specified |
| CNA | Linux | Linux | affected 59abd83672f70cac4b6bf9b237506c5bc6837606 31e4e12e0e9609850cefd4b2e1adf782f56337d6 git | Not specified |
| CNA | Linux | Linux | affected 5.0 | Not specified |
| CNA | Linux | Linux | unaffected 5.0 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.239 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.186 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.142 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.95 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.35 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.15.4 6.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.16 * original_commit_for_fix | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| lists.debian.org/debian-lts-announce/2025/10/msg00008.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-082556.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/4b3383110b6df48e0ba5936af2cb68d5eb6bd43b | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/7af18e42bdefe1dba5bcb32555a4d524fd504939 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/142acd739eb6f08c148a96ae8309256f1422ff4b | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/f9397cf7bfb680799fb8c7f717c8f756384c3280 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/9324127b07dde8529222dc19233aa57ec810856c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/31e4e12e0e9609850cefd4b2e1adf782f56337d6 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/56ce76e8d406cc72b89aee7931df5cf3f18db49d | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| lists.debian.org/debian-lts-announce/2025/10/msg00007.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.