CVE-2025-38474

MEDIUM

Linux Kernel - USB Driver Vulnerability

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission.

References (10)

Core 10

Core References

Third Party Advisory, Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory, Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Patch

https://git.kernel.org/stable/c/0a263ccb905b4ae2af381cd4280bd8d2477b98b8

Patch

https://git.kernel.org/stable/c/5408cc668e596c81cdd29e137225432aa40d1785

Patch

https://git.kernel.org/stable/c/a6a238c4126eb3ddb495d3f960193ca5bb778d92

Patch

https://git.kernel.org/stable/c/5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9

Patch

https://git.kernel.org/stable/c/5dd6a441748dad2f02e27b256984ca0b2d4546b6

Patch

https://git.kernel.org/stable/c/65c666aff44eb7f9079c55331abd9687fb77ba2d

Patch

https://git.kernel.org/stable/c/bfe8ef373986e8f185d3d6613eb1801a8749837a

Patch

https://git.kernel.org/stable/c/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 20.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (29)

debian/debian_linux 11.0

linux/Kernel 2.6.34 - 5.4.297linux

linux/Kernel 5.11.0 - 5.15.190linux

linux/Kernel 5.16.0 - 6.1.147linux

linux/Kernel 5.5.0 - 5.10.241linux

linux/Kernel 6.13.0 - 6.15.8linux

linux/Kernel 6.2.0 - 6.6.100linux

linux/Kernel 6.7.0 - 6.12.40linux

Linux/Linux < 2.6.34

Linux/Linux 2.6.34

... and 19 more

Published Jul 28, 2025

Tracked Since Feb 18, 2026