CVE-2025-38422

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38422
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38422.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38422
Downstream
Related
Published
2025-07-25T14:16:43.109Z
Modified
2025-11-28T02:35:46.584034Z
Summary
net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
Details

In the Linux kernel, the following vulnerability has been resolved:

net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices

Maximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. Adjust max size definitions and return correct EEPROM length based on device. Also prevent out-of-bound read/write.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38422.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
695846047aa9b4bb387473a9fd227a51ae7de5e9
Fixed
6b4201d74d0a49af2123abf2c9d142e59566714b
Fixed
088279ff18cdc437d6fac5890e0c52c624f78a5b
Fixed
51318d644c993b3f7a60b8616a6a5adc1e967cd2
Fixed
9c41d2a2aa3817946eb613522200cab55513ddaa
Fixed
3b9935586a9b54d2da27901b830d3cf46ad66a1e

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.19.0
Fixed
6.1.142
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.95
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.35
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.4