CVE-2025-38391

Source
https://cve.org/CVERecord?id=CVE-2025-38391
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38391.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38391
Published
2025-07-25T12:53:31.223Z
Modified
2026-03-11T07:51:38.447847754Z
Summary
usb: typec: altmodes/displayport: do not index invalid pin_assignments
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: do not index invalid pin_assignments

A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access.

Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX value in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop condition.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38391.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0e3bb7d6894d9b6e67d6382bb03a46a1dc989588
Fixed
c93bc959788ed9a1af7df57cb539837bdf790cee
Fixed
114a977e0f6bf278e05eade055e13fc271f69cf7
Fixed
621d5a3ef0231ab242f2d31eecec40c38ca609c5
Fixed
2f535517b5611b7221ed478527e4b58e29536ddf
Fixed
45e9444b3b97eaf51a5024f1fea92f44f39b50c6
Fixed
5581e694d3a1c2f32c5a51d745c55b107644e1f8
Fixed
47cb5d26f61d80c805d7de4106451153779297a1
Fixed
af4db5a35a4ef7a68046883bfd12468007db38f1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38391.json"