CVE-2025-38497

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/22b7897c289cc25d99c603f5144096142a30d897", "name": "https://git.kernel.org/stable/c/22b7897c289cc25d99c603f5144096142a30d897", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/2798111f8e504ac747cce911226135d50b8de468", "name": "https://git.kernel.org/stable/c/2798111f8e504ac747cce911226135d50b8de468", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/3014168731b7930300aab656085af784edc861f6", "name": "https://git.kernel.org/stable/c/3014168731b7930300aab656085af784edc861f6", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/58bdd5160184645771553ea732da5c2887fc9bd1", "name": "https://git.kernel.org/stable/c/58bdd5160184645771553ea732da5c2887fc9bd1", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/783ea37b237a9b524f1e5ca018ea17d772ee0ea0", "name": "https://git.kernel.org/stable/c/783ea37b237a9b524f1e5ca018ea17d772ee0ea0", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either 'qw_sign' or 'landingPage'\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length 'l' is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-38497", "ASSIGNER": "cve@kernel.org"}}, "impact": {}, "publishedDate": "2025-07-28T12:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-28T12:15Z"}