Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38391

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: do not index invalid pin_assignments

A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access.

Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX value in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop condition.

  • Published: Jul 25, 2025
  • Updated: Dec 24, 2025
  • CVE: CVE-2025-38391
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 4.19 5.4.296
linux / linux_kernel 5.5 5.10.240
linux / linux_kernel 5.11 5.15.187
linux / linux_kernel 5.16 6.1.144
linux / linux_kernel 6.2 6.6.97
linux / linux_kernel 6.7 6.12.37
linux / linux_kernel 6.13 6.15.6
linux / linux_kernel 6.16-rc1 6.16-rc1.x
linux / linux_kernel 6.16-rc2 6.16-rc2.x
linux / linux_kernel 6.16-rc3 6.16-rc3.x
linux / linux_kernel 6.16-rc4 6.16-rc4.x
debian / debian_linux 11.0 11.0.x