CVE-2025-38429

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38429

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38429.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-38429

Downstream

BELL-CVE-2025-38429

DEBIAN-CVE-2025-38429

ECHO-ba32-29e7-da16

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38429

Related

Published

2025-07-25T15:15:27Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: ep: Update read pointer only after buffer is written

Inside mhiepringaddelement, the read pointer (rdoffset) is updated before the buffer is written, potentially causing race conditions where the host sees an updated read pointer before the buffer is actually written. Updating rdoffset prematurely can lead to the host accessing an uninitialized or incomplete element, resulting in data corruption.

Invoke the buffer write before updating rd_offset to ensure the element is fully written before signaling its availability.

References

Affected packages