CVE-2025-38159

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-38159

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38159.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38159

Downstream

AZL-64532

BELL-CVE-2025-38159

DEBIAN-CVE-2025-38159

DLA-4328-1

DSA-5973-1

ECHO-c264-54b3-9378

MGASA-2025-0218

MGASA-2025-0219

OESA-2025-1823

OESA-2025-1824

OESA-2025-1870

RHSA-2025:13589

RHSA-2025:13590

RHSA-2025:13598

RHSA-2025:13962

RHSA-2025:15224

RHSA-2025:15227

RHSA-2025:15647

RHSA-2025:15649

RHSA-2025:15658

RHSA-2025:15660

RHSA-2025:15668

RHSA-2025:15670

RHSA-2025:21667

RLSA-2025:13589

RLSA-2025:13590

RLSA-2025:13598

ROOT-OS-DEBIAN-11-CVE-2025-38159

ROOT-OS-DEBIAN-12-CVE-2025-38159

ROOT-OS-UBUNTU-2204-CVE-2025-38159

ROOT-OS-UBUNTU-2404-CVE-2025-38159

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:02996-1

SUSE-SU-2025:02997-1

SUSE-SU-2025:03011-1

SUSE-SU-2025:03023-1

SUSE-SU-2025:20577-1

SUSE-SU-2025:20586-1

SUSE-SU-2025:20601-1

SUSE-SU-2025:20602-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2026:0350-1

SUSE-SU-2026:0369-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0474-1

SUSE-SU-2026:0496-1

SUSE-SU-2026:0617-1

SUSE-SU-2026:0939-1

SUSE-SU-2026:0940-1

SUSE-SU-2026:0983-1

SUSE-SU-2026:0985-1

SUSE-SU-2026:0992-1

SUSE-SU-2026:0997-1

SUSE-SU-2026:1000-1

SUSE-SU-2026:1002-1

SUSE-SU-2026:1039-1

SUSE-SU-2026:1046-1

SUSE-SU-2026:1048-1

SUSE-SU-2026:1049-1

SUSE-SU-2026:1059-1

SUSE-SU-2026:1073-1

SUSE-SU-2026:1101-1

SUSE-SU-2026:1125-1

SUSE-SU-2026:20847-1

SUSE-SU-2026:20848-1

SUSE-SU-2026:20849-1

SUSE-SU-2026:20850-1

SUSE-SU-2026:20857-1

SUSE-SU-2026:20858-1

SUSE-SU-2026:20859-1

SUSE-SU-2026:20880-1

SUSE-SU-2026:20881-1

SUSE-SU-2026:20882-1

SUSE-SU-2026:20891-1

SUSE-SU-2026:20892-1

SUSE-SU-2026:20893-1

SUSE-SU-2026:20894-1

openSUSE-SU-2025:20081-1

Related

Published

2025-07-03T08:36:01.490Z

Modified

2026-05-18T05:59:29.741905215Z

Summary

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrol(rtwdev, para[0], &para[1])', which reads 5 bytes:

void rtwfwbtwificontrol(struct rtwdev *rtwdev, u8 opcode, u8 *data) { ... SETBTWIFICONTROLDATA1(h2cpkt, *data); SETBTWIFICONTROLDATA2(h2cpkt, *(data + 1)); ... SETBTWIFICONTROLDATA5(h2c_pkt, *(data + 4));

Detected using the static analysis tool - Svace.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38159.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4136214f7c46839c15f0f177fe1d5052302c0205

Fixed

1ee8ea6937d13b20f90ff35d71ccc03ba448182d

Fixed

68a1037f0bac4de9a585aa9c879ef886109f3647

Fixed

74e18211c2c89ab66c9546baa7408288db61aa0d

Fixed

c13255389499275bc5489a0b5b7940ccea3aef04

Fixed

9febcc8bded8be0d7efd8237fcef599b6d93b788

Fixed

4c2c372de2e108319236203cce6de44d70ae15cd

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38159.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0

Fixed

5.15.186

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.142

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.94

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.34

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38159.json"