CVE-2025-38200

high

Description

In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the type of related variables.

References

https://git.kernel.org/stable/c/fecb2fc3fc10c95724407cc45ea35af4a65cdde2

https://git.kernel.org/stable/c/d88a1e8f024ba26e19350958fecbf771a9960352

https://git.kernel.org/stable/c/8cde755f56163281ec2c46b4ae8b61f532758a6f

https://git.kernel.org/stable/c/872607632c658d3739e4e7889e4f3c419ae2c193

https://git.kernel.org/stable/c/5e75c9082987479e647c75ec8fdf18fa68263c42

https://git.kernel.org/stable/c/3502dd42f178dae9d54696013386bb52b4f2e655

https://git.kernel.org/stable/c/2a1f4f2e36442a9bdf771acf6ee86f3cf876e5ca

https://git.kernel.org/stable/c/015bac5daca978448f2671478c553ce1f300c21e

Details

Source: Mitre, NVD

Published: 2025-07-04

Updated: 2025-07-08

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:C

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00024