CVE-2025-38391

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38391
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38391.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38391
Downstream
Related
Published
2025-07-25T13:15:28Z
Modified
2025-08-12T21:01:19Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: do not index invalid pin_assignments

A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DPPINASSIGNF. In this case, calls to pinassignment_show will cause a BRK exception due to an out of bounds array access.

Prevent for loop in pinassignmentshow from accessing invalid values in pinassignments by adding DPPINASSIGNMAX value in typecdp.h and using i < DPPINASSIGNMAX as a loop condition.

References

Affected packages