{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38391", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.011Z", "datePublished": "2025-07-25T12:53:31.223Z", "dateUpdated": "2025-11-03T17:37:24.845Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T04:20:54.635Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop\ncondition."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/typec/altmodes/displayport.c", "include/linux/usb/typec_dp.h"], "versions": [{"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "c93bc959788ed9a1af7df57cb539837bdf790cee", "status": "affected", "versionType": "git"}, {"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "114a977e0f6bf278e05eade055e13fc271f69cf7", "status": "affected", "versionType": "git"}, {"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "621d5a3ef0231ab242f2d31eecec40c38ca609c5", "status": "affected", "versionType": "git"}, {"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "2f535517b5611b7221ed478527e4b58e29536ddf", "status": "affected", "versionType": "git"}, {"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "45e9444b3b97eaf51a5024f1fea92f44f39b50c6", "status": "affected", "versionType": "git"}, {"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "5581e694d3a1c2f32c5a51d745c55b107644e1f8", "status": "affected", "versionType": "git"}, {"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "47cb5d26f61d80c805d7de4106451153779297a1", "status": "affected", "versionType": "git"}, {"version": "0e3bb7d6894d9b6e67d6382bb03a46a1dc989588", "lessThan": "af4db5a35a4ef7a68046883bfd12468007db38f1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/typec/altmodes/displayport.c", "include/linux/usb/typec_dp.h"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.296", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.240", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.187", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.144", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.97", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.37", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.6", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.4.296"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.10.240"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.15.187"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.1.144"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.6.97"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.12.37"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.15.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c93bc959788ed9a1af7df57cb539837bdf790cee"}, {"url": "https://git.kernel.org/stable/c/114a977e0f6bf278e05eade055e13fc271f69cf7"}, {"url": "https://git.kernel.org/stable/c/621d5a3ef0231ab242f2d31eecec40c38ca609c5"}, {"url": "https://git.kernel.org/stable/c/2f535517b5611b7221ed478527e4b58e29536ddf"}, {"url": "https://git.kernel.org/stable/c/45e9444b3b97eaf51a5024f1fea92f44f39b50c6"}, {"url": "https://git.kernel.org/stable/c/5581e694d3a1c2f32c5a51d745c55b107644e1f8"}, {"url": "https://git.kernel.org/stable/c/47cb5d26f61d80c805d7de4106451153779297a1"}, {"url": "https://git.kernel.org/stable/c/af4db5a35a4ef7a68046883bfd12468007db38f1"}], "title": "usb: typec: altmodes/displayport: do not index invalid pin_assignments", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:37:24.845Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFCB6FC6-B0DD-47C5-AA25-D1B2BFD03E5C", "versionEndExcluding": "5.4.296", "versionStartIncluding": "4.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E73A49A-F9B2-470F-91B2-6FAB6239BDB6", "versionEndExcluding": "5.10.240", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BD28D29-423C-4173-9DB8-3BA14E9F665D", "versionEndExcluding": "5.15.187", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "81CF08DB-B7A2-4556-8AE3-ED9144F50E31", "versionEndExcluding": "6.1.144", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB1BB991-B903-4718-966C-07C803CBEABC", "versionEndExcluding": "6.6.97", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B4159AA-C70D-4DE5-9EE2-8F2728F13C5D", "versionEndExcluding": "6.12.37", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E0BB4E0-44BC-4645-83A8-6EA232CE624C", "versionEndExcluding": "6.15.6", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*", "matchCriteriaId": "A0517869-312D-4429-80C2-561086E1421C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop\ncondition."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: altmodes/displayport: no indexar asignaciones de pines no v\u00e1lidas. Un puerto asociado DisplayPort en modo alternativo mal implementado puede indicar que su capacidad de asignaci\u00f3n de pines supera el valor m\u00e1ximo, DP_PIN_ASSIGN_F. En este caso, las llamadas a pin_assignment_show provocar\u00e1n una excepci\u00f3n BRK debido a un acceso fuera de los l\u00edmites de la matriz. Para evitar que el bucle for de pin_assignment_show acceda a valores no v\u00e1lidos en las asignaciones de pines, agregue el valor DP_PIN_ASSIGN_MAX en typec_dp.h y use i &lt; DP_PIN_ASSIGN_MAX como condici\u00f3n de bucle."}], "id": "CVE-2025-38391", "lastModified": "2025-12-23T19:28:22.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-25T13:15:28.487", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/114a977e0f6bf278e05eade055e13fc271f69cf7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f535517b5611b7221ed478527e4b58e29536ddf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/45e9444b3b97eaf51a5024f1fea92f44f39b50c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47cb5d26f61d80c805d7de4106451153779297a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5581e694d3a1c2f32c5a51d745c55b107644e1f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/621d5a3ef0231ab242f2d31eecec40c38ca609c5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af4db5a35a4ef7a68046883bfd12468007db38f1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c93bc959788ed9a1af7df57cb539837bdf790cee"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: usb: typec: altmodes/displayport: do not index invalid pin_assignments", "id": "2383378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383378"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.2", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop\ncondition."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-38391", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38391\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38391\nhttps://lore.kernel.org/linux-cve-announce/2025072508-CVE-2025-38391-0064@gregkh/T"], "statement": "This patch addresses a potential out-of-bounds array access in the DisplayPort Alt Mode driver for USB Type-C.\nIf a connected device advertises invalid pin assignments beyond the supported DP_PIN_ASSIGN_F, the kernel function pin_assignment_show() may access memory outside the valid range, leading to a BRK exception or kernel crash.\nThe patch introduces a maximum pin assignment limit to prevent this.\nThe vulnerability is externally triggerable via a malicious or misbehaving USB-C device and may lead to denial-of-service or minor information disclosure through out-of-bounds reads.", "threat_severity": "Moderate"}

{"created": "2025-07-26T12:07:32.325219+00:00", "updated": "2025-07-26T12:07:32.325281+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}