Description
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access. Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX value in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop condition.
References (10)
Core 10
Core References
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
6.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (10)
debian/debian_linux
11.0
linux/Kernel
4.19.0 - 5.4.296linux
linux/Kernel
5.11.0 - 5.15.187linux
linux/Kernel
5.16.0 - 6.1.144linux
linux/Kernel
5.5.0 - 5.10.240linux
linux/Kernel
6.13.0 - 6.15.6linux
linux/Kernel
6.2.0 - 6.6.97linux
linux/Kernel
6.7.0 - 6.12.37linux
linux/linux_kernel
6.16 rc1 (4 CPE variants)
linux/linux_kernel
4.19 - 5.4.296
Published
Jul 25, 2025
Tracked Since
Feb 18, 2026