CVE-2025-38497

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38497
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38497.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38497
Downstream
Related
Published
2025-07-28T11:22:05.855Z
Modified
2026-03-20T12:42:53.243039Z
Summary
usb: gadget: configfs: Fix OOB read on empty string write
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: configfs: Fix OOB read on empty string write

When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero.

This patch fixes the vulnerability by adding a check at the beginning of osdescqwsignstore() and webusblandingPagestore() to handle the zero-length input case gracefully by returning immediately.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38497.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
87213d388e927aaa88b21d5ff7e1f75ca2288da1
Fixed
78b41148cfea2a3f04d87adf3a71b21735820a37
Fixed
d68b7c8fefbaeae8f065b84e40cf64baf4cc0c76
Fixed
15a87206879951712915c03c8952a73d6a74721e
Fixed
2798111f8e504ac747cce911226135d50b8de468
Fixed
58bdd5160184645771553ea732da5c2887fc9bd1
Fixed
783ea37b237a9b524f1e5ca018ea17d772ee0ea0
Fixed
22b7897c289cc25d99c603f5144096142a30d897
Fixed
3014168731b7930300aab656085af784edc861f6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38497.json"