5.5 CVE-2025-38613

Enriched by CISA Patch
 

In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is showing up as initialized data on the stack frame being copyied back to userspace in function board_info_ioctl. The simplest fix is to initialize the entire struct to zero to ensure all unassigned padding fields are zero'd before being copied back to userspace.
https://nvd.nist.gov/vuln/detail/CVE-2025-38613

Categories

CWE-908 : Use of Uninitialized Resource
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

References


 

AFFECTED (from MITRE)

Vendor Product Versions
Linux Linux
  • 9dde4559e93955ccc47d588f7fd051684d55c4e7 < 19dedd4f70f5a6505e7c601ef7dd40542d1d9aa5 [affected]
  • 9dde4559e93955ccc47d588f7fd051684d55c4e7 < a739d3b13bff0dfa1aec679d08c7062131a2a425 [affected]
Linux Linux
  • 6.13 [affected]
  • < 6.13 [unaffected]
  • 6.16.1 ≤ 6.16.* [unaffected]
  • 6.17 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.13 < 6.16.1

REMEDIATION

Patch

Url
https://git.kernel.org/stable/c/19dedd4f70f5a6505e7c601ef7dd40542d1d9aa5
https://git.kernel.org/stable/c/a739d3b13bff0dfa1aec679d08c7062131a2a425

EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry