Login Sign Up

CVE-2025-38391

5.5 MEDIUM
Denial of Service Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in the Linux kernel's USB Type-C DisplayPort Alt Mode driver allows a malicious USB-C device to trigger a kernel crash (BRK exception) by sending invalid pin assignment data. This affects systems with USB-C ports running vulnerable Linux kernel versions. The vulnerability requires physical access to a USB-C port or connection to a compromised USB-C device.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable kernel versions not specified in CVE, but patches exist for multiple stable branches.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with USB Type-C ports supporting DisplayPort Alt Mode functionality.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.

🟠

Likely Case

System crash or kernel panic when connecting a malicious or faulty USB-C device with DisplayPort Alt Mode support.

🟢

If Mitigated

No impact if the system is patched or doesn't use vulnerable USB-C DisplayPort functionality.

🌐 Internet-Facing: LOW - Requires physical USB-C connection or local device access.
🏢 Internal Only: MEDIUM - Malicious USB-C devices could be connected internally to crash systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical USB-C device connection or compromised USB-C peripheral. No authentication needed once device is connected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 114a977e0f6b, 2f535517b561, 45e9444b3b97, 47cb5d26f61d, 5581e694d3a1

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable USB-C DisplayPort Alt Mode

linux

Disable DisplayPort Alt Mode functionality in USB Type-C subsystem

echo 0 > /sys/class/typec/portX/displayport/altmode_enable

Restrict USB-C device connections

all

Implement physical security controls to prevent unauthorized USB-C device connections

🧯 If You Can't Patch

  • Implement USB device control policies to restrict USB-C device connections
  • Disable DisplayPort Alt Mode functionality in kernel configuration if possible

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if DisplayPort Alt Mode driver is loaded: lsmod | grep typec_displayport

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits: uname -r and check kernel changelog

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • BRK exception logs
  • USB Type-C subsystem errors

SIEM Query:

source="kernel" AND ("BRK" OR "panic" OR "typec" OR "displayport")

📊 Metadata

CVE ID: CVE-2025-38391
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-125
EPSS Score: 0.02% exploit probability (4th percentile)
Published: July 25, 2025
Last Updated: December 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38391, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)