CVE-2025-38474
Published: July 29, 2025Last modified: July 29, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.147-r0) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/0a263ccb905b4ae2af381cd4280bd8d2477b98b8
- https://git.kernel.org/stable/c/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158
- https://git.kernel.org/stable/c/5408cc668e596c81cdd29e137225432aa40d1785
- https://git.kernel.org/stable/c/5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9
- https://git.kernel.org/stable/c/5dd6a441748dad2f02e27b256984ca0b2d4546b6
- https://git.kernel.org/stable/c/65c666aff44eb7f9079c55331abd9687fb77ba2d
- https://git.kernel.org/stable/c/a6a238c4126eb3ddb495d3f960193ca5bb778d92
- https://git.kernel.org/stable/c/bfe8ef373986e8f185d3d6613eb1801a8749837a
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html