CVE-2025-38533
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38533
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38533.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38533
- Downstream
- Published
- 2025-08-16T12:15:28Z
- Modified
- 2025-08-30T18:58:43.849318Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: libwx: fix the using of Rx buffer DMA
The wxrxbuffer structure contained two DMA address fields: 'dma' and 'pagedma'. However, only 'pagedma' was actually initialized and used to program the Rx descriptor. But 'dma' was uninitialized and used in some paths.
This could lead to undefined behavior, including DMA errors or use-after-free, if the uninitialized 'dma' was used. Althrough such error has not yet occurred, it is worth fixing in the code.
- References
-
- https://git.kernel.org/stable/c/027701180a7bcb64c42eab291133ef0c87b5b6c5
- https://git.kernel.org/stable/c/05c37b574997892a40a0e9b9b88a481566b2367d
- https://git.kernel.org/stable/c/5fd77cc6bd9b368431a815a780e407b7781bcca0
- https://git.kernel.org/stable/c/ba7c793f96c1c2b944bb6f423d7243f3afc30fe9
- https://security-tracker.debian.org/tracker/CVE-2025-38533
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.3-1
Affected versions
6.*
6.12.38-1
6.12.41-1
6.12.43-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1