Updated: 2026-02-27 03:05:48.512016
Description:
In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory corruption when we do "memcpy(fragment->data, rec->data, len);"
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-29 07:27:29 | Not affected: the flaw is confined to the optional ims-pcu input driver, which is gated by CONFIG_IN... | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-29 07:27:29 | CVE-2025-38428 is limited to the optional IMS Passenger Control Unit input driver (ims-pcu, controll... | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-29 07:27:30 | Not affected: CVE-2025-38428 only impacts the IMS Passenger Control Unit input driver (drivers/input... | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-29 07:27:31 | Not affected: CVE-2025-38428 only impacts the IMS Passenger Control Unit input driver (drivers/input... | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-29 07:27:28 | Not affected: CVE-2025-38428 only impacts the IMS Passenger Control Unit input driver (drivers/input... | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Needs Triage | 2025-12-28 08:09:57 | ||
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-31 06:43:01 | CVE-2025-38428 is limited to the optional IMS Passenger Control Unit input driver (ims-pcu, controll... | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Released | CLSA-2025:1757963029 | 2025-09-16 11:19:37 | CVE-2025-38428 is limited to the optional IMS Passenger Control Unit input driver (ims-pcu, controll... |
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-31 06:43:00 | CVE-2025-38428 is limited to the optional IMS Passenger Control Unit input driver (ims-pcu, controll... | |
| TuxCare 9.6 ESU | kernel | 5.14.0 | 7.8 | HIGH | Not Vulnerable | 2025-12-29 07:27:30 | Not affected: the flaw is confined to the optional ims-pcu input driver, which is gated by CONFIG_IN... |