CVE-2025-38422

net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices

Description

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Maximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. Adjust max size definitions and return correct EEPROM length based on device. Also prevent out-of-bound read/write.

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/6b4201d74d0a49af2123abf2c9d142e59566714b
https://git.kernel.org/stable/c/088279ff18cdc437d6fac5890e0c52c624f78a5b
https://git.kernel.org/stable/c/51318d644c993b3f7a60b8616a6a5adc1e967cd2
https://git.kernel.org/stable/c/9c41d2a2aa3817946eb613522200cab55513ddaa
https://git.kernel.org/stable/c/3b9935586a9b54d2da27901b830d3cf46ad66a1e

Frequently Asked Questions

What is the severity of CVE-2025-38422?: CVE-2025-38422 has not yet been assigned a CVSS score.
How to fix CVE-2025-38422?: To fix CVE-2025-38422, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38422 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-38422 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38422?: CVE-2025-38422 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.