vulnerability

Ubuntu: (Multiple Advisories) (CVE-2025-38348): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Jul 10, 2025	Jul 14, 2025	Feb 13, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Jul 10, 2025

Added

Jul 14, 2025

Modified

Feb 13, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()

Robert Morris reported:

|If a malicious USB device pretends to be an Intersil p54 wifi
|interface and generates an eeprom_readback message with a large
|eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the
|message beyond the end of priv->eeprom.
|
|static void p54_rx_eeprom_readback(struct p54_common *priv,
| struct sk_buff *skb)
|{
| struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr->data;
|
| if (priv->fw_var >= 0x509) {
| memcpy(priv->eeprom, eeprom->v2.data,
| le16_to_cpu(eeprom->v2.len));
| } else {
| memcpy(priv->eeprom, eeprom->v1.data,
| le16_to_cpu(eeprom->v1.len));
| }
| [...]

The eeprom->v{1,2}.len is set by the driver in p54_download_eeprom().
The device is supposed to provide the same length back to the driver.
But yes, it's possible (like shown in the report) to alter the value
to something that causes a crash/panic due to overrun.

This patch addresses the issue by adding the size to the common device
context, so p54_rx_eeprom_readback no longer relies on possibly tampered
values... That said, it also checks if the "firmware" altered the value
and no longer copies them.

The one, small saving grace is: Before the driver tries to read the eeprom,
it needs to upload >a< firmware. the vendor firmware has a proprietary
license and as a reason, it is not present on most distributions by
default.

Solutions

ubuntu-upgrade-linux-image-5-15-0-1034-nvidia-tegra-igxubuntu-upgrade-linux-image-5-15-0-1034-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-5-15-0-1045-nvidia-tegraubuntu-upgrade-linux-image-5-15-0-1045-nvidia-tegra-rtubuntu-upgrade-linux-image-5-15-0-1056-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1075-gkeopubuntu-upgrade-linux-image-5-15-0-1085-intel-iot-realtimeubuntu-upgrade-linux-image-5-15-0-1086-ibmubuntu-upgrade-linux-image-5-15-0-1086-raspiubuntu-upgrade-linux-image-5-15-0-1087-intel-iotgubuntu-upgrade-linux-image-5-15-0-1087-nvidiaubuntu-upgrade-linux-image-5-15-0-1087-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1088-kvmubuntu-upgrade-linux-image-5-15-0-1089-gkeubuntu-upgrade-linux-image-5-15-0-1090-oracleubuntu-upgrade-linux-image-5-15-0-1092-awsubuntu-upgrade-linux-image-5-15-0-1092-aws-64kubuntu-upgrade-linux-image-5-15-0-1092-aws-fipsubuntu-upgrade-linux-image-5-15-0-1092-gcpubuntu-upgrade-linux-image-5-15-0-1092-gcp-fipsubuntu-upgrade-linux-image-5-15-0-1092-realtimeubuntu-upgrade-linux-image-5-15-0-1096-azureubuntu-upgrade-linux-image-5-15-0-1096-azure-fipsubuntu-upgrade-linux-image-5-15-0-156-fipsubuntu-upgrade-linux-image-5-15-0-156-genericubuntu-upgrade-linux-image-5-15-0-156-generic-64kubuntu-upgrade-linux-image-5-15-0-156-generic-lpaeubuntu-upgrade-linux-image-5-15-0-156-lowlatencyubuntu-upgrade-linux-image-5-15-0-156-lowlatency-64kubuntu-upgrade-linux-image-6-14-0-1007-azure-nvidiaubuntu-upgrade-linux-image-6-14-0-1014-azureubuntu-upgrade-linux-image-6-14-0-1014-oemubuntu-upgrade-linux-image-6-14-0-1014-realtimeubuntu-upgrade-linux-image-6-14-0-1015-awsubuntu-upgrade-linux-image-6-14-0-1015-aws-64kubuntu-upgrade-linux-image-6-14-0-1015-oracleubuntu-upgrade-linux-image-6-14-0-1015-oracle-64kubuntu-upgrade-linux-image-6-14-0-1016-raspiubuntu-upgrade-linux-image-6-14-0-1018-gcpubuntu-upgrade-linux-image-6-14-0-1018-gcp-64kubuntu-upgrade-linux-image-6-14-0-34-genericubuntu-upgrade-linux-image-6-14-0-34-generic-64kubuntu-upgrade-linux-image-6-8-0-100-genericubuntu-upgrade-linux-image-6-8-0-100-generic-64kubuntu-upgrade-linux-image-6-8-0-1047-gcpubuntu-upgrade-linux-image-6-8-0-1047-gcp-64kubuntu-upgrade-linux-image-6-8-0-1047-raspiubuntu-upgrade-linux-image-6-8-1-1041-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-5-15ubuntu-upgrade-linux-image-aws-6-14ubuntu-upgrade-linux-image-aws-64kubuntu-upgrade-linux-image-aws-64k-5-15ubuntu-upgrade-linux-image-aws-64k-6-14ubuntu-upgrade-linux-image-aws-64k-lts-22-04ubuntu-upgrade-linux-image-aws-fipsubuntu-upgrade-linux-image-aws-fips-5-15ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-5-15ubuntu-upgrade-linux-image-azure-6-14ubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fipsubuntu-upgrade-linux-image-azure-fips-5-15ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-azure-nvidiaubuntu-upgrade-linux-image-azure-nvidia-6-14ubuntu-upgrade-linux-image-fipsubuntu-upgrade-linux-image-fips-5-15ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-5-15ubuntu-upgrade-linux-image-gcp-6-14ubuntu-upgrade-linux-image-gcp-6-8ubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-6-14ubuntu-upgrade-linux-image-gcp-64k-6-8ubuntu-upgrade-linux-image-gcp-fipsubuntu-upgrade-linux-image-gcp-fips-5-15ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-5-15ubuntu-upgrade-linux-image-generic-6-14ubuntu-upgrade-linux-image-generic-6-8ubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-5-15ubuntu-upgrade-linux-image-generic-64k-6-14ubuntu-upgrade-linux-image-generic-64k-6-8ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-5-15ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-5-15ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iot-realtimeubuntu-upgrade-linux-image-intel-iot-realtime-5-15ubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-intel-iotg-5-15ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-kvm-5-15ubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-5-15ubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-5-15ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-5-15ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-5-15ubuntu-upgrade-linux-image-nvidia-tegraubuntu-upgrade-linux-image-nvidia-tegra-5-15ubuntu-upgrade-linux-image-nvidia-tegra-igxubuntu-upgrade-linux-image-nvidia-tegra-igx-5-15ubuntu-upgrade-linux-image-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-nvidia-tegra-igx-rt-5-15ubuntu-upgrade-linux-image-nvidia-tegra-rtubuntu-upgrade-linux-image-nvidia-tegra-rt-5-15ubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oem-24-04cubuntu-upgrade-linux-image-oem-6-14ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-5-15ubuntu-upgrade-linux-image-oracle-6-14ubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-6-14ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-5-15ubuntu-upgrade-linux-image-raspi-6-14ubuntu-upgrade-linux-image-raspi-6-8ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-5-15ubuntu-upgrade-linux-image-realtime-6-14ubuntu-upgrade-linux-image-realtime-6-8-1ubuntu-upgrade-linux-image-realtime-hwe-22-04ubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-5-15ubuntu-upgrade-linux-image-virtual-6-14ubuntu-upgrade-linux-image-virtual-6-8ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-xilinx-zynqmpubuntu-upgrade-linux-image-xilinx-zynqmp-5-15

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today