{"id":"CVE-2025-38342","summary":"software node: Correct a OOB check in software_node_get_reference_args()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least '(index + 1) * sizeof(*ref)' bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check '((index + 1) * sizeof(*ref) \u003e prop-\u003elength)'.","modified":"2026-04-16T04:32:22.718597567Z","published":"2025-07-10T08:15:11.561Z","related":["SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38342.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/142acd739eb6f08c148a96ae8309256f1422ff4b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/31e4e12e0e9609850cefd4b2e1adf782f56337d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b3383110b6df48e0ba5936af2cb68d5eb6bd43b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/56ce76e8d406cc72b89aee7931df5cf3f18db49d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7af18e42bdefe1dba5bcb32555a4d524fd504939"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9324127b07dde8529222dc19233aa57ec810856c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9397cf7bfb680799fb8c7f717c8f756384c3280"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38342.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38342"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"59abd83672f70cac4b6bf9b237506c5bc6837606"},{"fixed":"142acd739eb6f08c148a96ae8309256f1422ff4b"},{"fixed":"56ce76e8d406cc72b89aee7931df5cf3f18db49d"},{"fixed":"9324127b07dde8529222dc19233aa57ec810856c"},{"fixed":"f9397cf7bfb680799fb8c7f717c8f756384c3280"},{"fixed":"4b3383110b6df48e0ba5936af2cb68d5eb6bd43b"},{"fixed":"7af18e42bdefe1dba5bcb32555a4d524fd504939"},{"fixed":"31e4e12e0e9609850cefd4b2e1adf782f56337d6"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38342.json"}}],"schema_version":"1.7.5"}