CVE-2025-38474

In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0a263ccb905b4ae2af381cd4280bd8d2477b98b8	Patch
https://git.kernel.org/stable/c/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158	Patch
https://git.kernel.org/stable/c/5408cc668e596c81cdd29e137225432aa40d1785	Patch
https://git.kernel.org/stable/c/5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9	Patch
https://git.kernel.org/stable/c/5dd6a441748dad2f02e27b256984ca0b2d4546b6	Patch
https://git.kernel.org/stable/c/65c666aff44eb7f9079c55331abd9687fb77ba2d	Patch
https://git.kernel.org/stable/c/a6a238c4126eb3ddb495d3f960193ca5bb778d92	Patch
https://git.kernel.org/stable/c/bfe8ef373986e8f185d3d6613eb1801a8749837a	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	Third Party Advisory Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc6::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

22 Dec 2025, 19:29

Type	Values Removed	Values Added
First Time		Linux Debian Debian debian Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc6:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.16:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:-:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:rc6::::::
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/0a263ccb905b4ae2af381cd4280bd8d2477b98b8 -~~	() https://git.kernel.org/stable/c/0a263ccb905b4ae2af381cd4280bd8d2477b98b8 - Patch
References	~~() https://git.kernel.org/stable/c/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158 -~~	() https://git.kernel.org/stable/c/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158 - Patch
References	~~() https://git.kernel.org/stable/c/5408cc668e596c81cdd29e137225432aa40d1785 -~~	() https://git.kernel.org/stable/c/5408cc668e596c81cdd29e137225432aa40d1785 - Patch
References	~~() https://git.kernel.org/stable/c/5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9 -~~	() https://git.kernel.org/stable/c/5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9 - Patch
References	~~() https://git.kernel.org/stable/c/5dd6a441748dad2f02e27b256984ca0b2d4546b6 -~~	() https://git.kernel.org/stable/c/5dd6a441748dad2f02e27b256984ca0b2d4546b6 - Patch
References	~~() https://git.kernel.org/stable/c/65c666aff44eb7f9079c55331abd9687fb77ba2d -~~	() https://git.kernel.org/stable/c/65c666aff44eb7f9079c55331abd9687fb77ba2d - Patch
References	~~() https://git.kernel.org/stable/c/a6a238c4126eb3ddb495d3f960193ca5bb778d92 -~~	() https://git.kernel.org/stable/c/a6a238c4126eb3ddb495d3f960193ca5bb778d92 - Patch
References	~~() https://git.kernel.org/stable/c/bfe8ef373986e8f185d3d6613eb1801a8749837a -~~	() https://git.kernel.org/stable/c/bfe8ef373986e8f185d3d6613eb1801a8749837a - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - Third Party Advisory, Mailing List
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory, Mailing List
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

03 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

28 Aug 2025, 15:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/0a263ccb905b4ae2af381cd4280bd8d2477b98b8 - () https://git.kernel.org/stable/c/5408cc668e596c81cdd29e137225432aa40d1785 - () https://git.kernel.org/stable/c/a6a238c4126eb3ddb495d3f960193ca5bb778d92 -

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: net: sierra: comprobar si el endpoint no tiene estado. El controlador comprueba si hay tres endpoints y si hay endpoints de entrada y salida masivos, pero no si el tercer endpoint es una entrada de interrupción. Corrija la omisión.

28 Jul 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-28 12:15

Updated : 2025-12-22 19:29

NVD link : CVE-2025-38474

Mitre link : CVE-2025-38474

CVE.ORG link : CVE-2025-38474

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10