CVE-2025-38497

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: configfs: Fix OOB read on empty string write

When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero.

This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning immediately.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 78b41148cfea2a3f04d87adf3a71b21735820a37affected
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < d68b7c8fefbaeae8f065b84e40cf64baf4cc0c76affected
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 15a87206879951712915c03c8952a73d6a74721eaffected
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 2798111f8e504ac747cce911226135d50b8de468affected
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 58bdd5160184645771553ea732da5c2887fc9bd1affected
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 783ea37b237a9b524f1e5ca018ea17d772ee0ea0affected
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 22b7897c289cc25d99c603f5144096142a30d897affected
LinuxLinux87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 3014168731b7930300aab656085af784edc861f6affected
LinuxLinux3.16affected
LinuxLinux0 < 3.16unaffected
LinuxLinux5.4.297 <= 5.4.*unaffected
LinuxLinux5.10.241 <= 5.10.*unaffected
LinuxLinux5.15.190 <= 5.15.*unaffected
LinuxLinux6.1.147 <= 6.1.*unaffected
LinuxLinux6.6.100 <= 6.6.*unaffected
LinuxLinux6.12.40 <= 6.12.*unaffected
LinuxLinux6.15.8 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References