Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used without checking, which could lead to undefined behavior when passed to get_sensor_info(). Add a proper check to return -EINVAL if sensor_index is negative. Found by Linux Verification Center (linuxtesting.org) with SVACE. [groeck: Return error code returned from find_ec_sensor_index]

INFO

Published Date :

2025-07-03T08:35:43.521Z

Last Modified :

2025-11-03T17:34:31.871Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38142 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38142.

URL Resource
https://git.kernel.org/stable/c/19bd9cde38dd4ca1771aed7afba623e7f4247c8e cve-icon cve-icon
https://git.kernel.org/stable/c/25be318324563c63cbd9cb53186203a08d2f83a1 cve-icon cve-icon
https://git.kernel.org/stable/c/4e9e45746b861ebd54c03ef301da2cb8fc990536 cve-icon cve-icon
https://git.kernel.org/stable/c/6bf529ce84dccc0074dbc704e70aee4aa545057e cve-icon cve-icon
https://git.kernel.org/stable/c/7eeb3df6f07a886bdfd52757ede127a59a8784dc cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025070334-CVE-2025-38142-a038@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38142 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38142 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact