CVE-2025-38159

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes: void rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data) { ... SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data); SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1)); ... SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4)); Detected using the static analysis tool - Svace.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1ee8ea6937d13b20f90ff35d71ccc03ba448182d
https://git.kernel.org/stable/c/68a1037f0bac4de9a585aa9c879ef886109f3647
https://git.kernel.org/stable/c/74e18211c2c89ab66c9546baa7408288db61aa0d
https://git.kernel.org/stable/c/c13255389499275bc5489a0b5b7940ccea3aef04
https://git.kernel.org/stable/c/9febcc8bded8be0d7efd8237fcef599b6d93b788
https://git.kernel.org/stable/c/4c2c372de2e108319236203cce6de44d70ae15cd

Frequently Asked Questions

What is the severity of CVE-2025-38159?
CVE-2025-38159 has not yet been assigned a CVSS score.
How to fix CVE-2025-38159?
To fix CVE-2025-38159, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38159 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38159 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38159?
CVE-2025-38159 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.