CVE-2025-38159

Source: https://cve.org/CVERecord?id=CVE-2025-38159
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38159.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2025-38159
Published: 2025-07-03T08:36:01.490Z
Modified: 2026-03-12T02:15:46.078603Z
Summary
wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

    void rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)
    {
        ...
        SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);
        SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));
        ...
        SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));

Detected using the static analysis tool - Svace.
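
The size arithmetic behind the fix, as an added example that is not kernel code and not part of the original record: a callee that consumes 5 bytes from `&para[1]` needs `para` to hold 1 + 5 = 6 bytes, so a 2-byte array is over-read by 4. The names `overread_bytes`, `bt_wifi_control_checked` and `send_para`, the simplified output packet and the sample byte values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BT_WIFI_CTRL_DATA_LEN 5 /* callee consumes data[0..4] */
#define PARA_FIXED_LEN (1 + BT_WIFI_CTRL_DATA_LEN) /* opcode + data = 6 */

/* Bytes an unchecked callee reads past 'para' when handed &para[1]. */
static size_t overread_bytes(size_t para_len)
{
    size_t avail = para_len > 1 ? para_len - 1 : 0;
    return avail >= BT_WIFI_CTRL_DATA_LEN ? 0 : BT_WIFI_CTRL_DATA_LEN - avail;
}

/* Hypothetical bounded callee: the caller states how many bytes are valid
 * at 'data'. 'out' is a simplified stand-in for the H2C packet. */
static int bt_wifi_control_checked(uint8_t op_code, const uint8_t *data,
                                   size_t avail, uint8_t out[PARA_FIXED_LEN])
{
    if (data == NULL || avail < BT_WIFI_CTRL_DATA_LEN)
        return -1; /* refuse instead of reading out of bounds */
    out[0] = op_code;
    memcpy(&out[1], data, BT_WIFI_CTRL_DATA_LEN);
    return 0;
}

/* Caller pattern from the advisory with the declared 'para' size as input.
 * The backing array is always 6 bytes so the demo itself never over-reads. */
static int send_para(size_t para_len, uint8_t out[PARA_FIXED_LEN])
{
    uint8_t para[6] = {0xA0, 1, 2, 3, 4, 5}; /* constructed sample values */
    /* Build-time guard: breaks the build if 'para' is shrunk again. */
    _Static_assert(sizeof(para) >= PARA_FIXED_LEN, "para: opcode + 5 bytes");

    if (para_len < 1 || para_len > sizeof(para))
        return -1;
    return bt_wifi_control_checked(para[0], &para[1], para_len - 1, out);
}

int main(void)
{
    uint8_t out[PARA_FIXED_LEN] = {0};

    printf("para[2]: over-read %zu bytes, checked call -> %d\n",
           overread_bytes(2), send_para(2, out));
    printf("para[6]: over-read %zu bytes, checked call -> %d\n",
           overread_bytes(6), send_para(6, out));
    return 0;
}
```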

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38159.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
Introduced: 4136214f7c46839c15f0f177fe1d5052302c0205
Fixed: 1ee8ea6937d13b20f90ff35d71ccc03ba448182d
Fixed: 68a1037f0bac4de9a585aa9c879ef886109f3647
Fixed: 74e18211c2c89ab66c9546baa7408288db61aa0d
Fixed: c13255389499275bc5489a0b5b7940ccea3aef04
Fixed: 9febcc8bded8be0d7efd8237fcef599b6d93b788
Fixed: 4c2c372de2e108319236203cce6de44d70ae15cd

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38159.json"