CVE-2025-38548
📋 TL;DR
This CVE addresses a buffer overflow vulnerability in the Linux kernel's corsair-cpro hardware monitoring driver. Attackers could exploit this by sending specially crafted USB commands to cause kernel memory corruption, potentially leading to system crashes or privilege escalation. Systems using affected Linux kernel versions with the corsair-cpro driver loaded are vulnerable.
💻 Affected Systems
- Linux kernel with corsair-cpro driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.
Likely Case
System instability, kernel crashes (oops/panic), or denial of service affecting hardware monitoring functionality.
If Mitigated
Minimal impact if driver not loaded or USB access restricted; crashes contained to kernel space without privilege escalation.
🎯 Exploit Status
Requires physical USB device access or ability to send malicious USB commands; kernel exploitation requires additional steps beyond buffer overflow.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 0db770e2922389753ddbd6663a5516a32b97b743 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable corsair-cpro driver
Prevent loading of vulnerable driver module
echo 'blacklist corsair-cpro' >> /etc/modprobe.d/blacklist-corsair.conf
rmmod corsair-cpro
Restrict USB device access
Limit which users can access USB devices
chmod 600 /dev/bus/usb/*/*
setfacl -m u:root:rw /dev/bus/usb/*/*
🧯 If You Can't Patch
- Disconnect Corsair PSU devices that trigger driver loading
- Implement strict physical security controls for USB ports
🔍 How to Verify
Check if Vulnerable:
Check if corsair-cpro module is loaded (lsmod lists it with an underscore): lsmod | grep corsair_cpro
Check Version:
uname -r
Verify Fix Applied:
Check that the running kernel contains the fix commits: /proc/version and uname -r report only the kernel version, not individual commits, so look up that version in the distribution kernel changelog.
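The loaded-module check and the blacklist workaround above can be combined into one exposure report. This is an added example, not part of the original advisory; the function names and the optional file arguments (used to point the checks at test data) are assumptions.

```shell
#!/bin/sh
# Added example: report corsair-cpro exposure on a host.
# The kernel lists loaded modules with '_' in place of '-',
# so names are normalised before matching.

norm() { printf '%s' "$1" | tr '-' '_'; }

# module_loaded NAME [MODULES_FILE] -> exit 0 if NAME is currently loaded
module_loaded() {
    want=$(norm "$1")
    awk -v m="$want" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# module_blacklisted NAME [CONF_DIR] -> exit 0 if a "blacklist NAME" line exists
module_blacklisted() {
    want=$(norm "$1")
    dir=${2:-/etc/modprobe.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Drop comments and accept either spelling of the module name.
        sed 's/#.*//' "$f" | tr '-' '_' |
            awk -v m="$want" \
                '$1 == "blacklist" && $2 == m { found = 1 } END { exit !found }' &&
            return 0
    done
    return 1
}

# exposure_state NAME [MODULES_FILE] [CONF_DIR]
# prints: loaded | blacklisted | loadable
exposure_state() {
    if module_loaded "$1" "${2:-/proc/modules}"; then
        echo loaded
    elif module_blacklisted "$1" "${3:-/etc/modprobe.d}"; then
        echo blacklisted
    else
        echo loadable
    fi
}

# Report for the local host.
exposure_state corsair-cpro
```

A result of "blacklisted" means the module will not be auto-loaded by device alias; a blacklist entry does not stop an explicit modprobe by a privileged user.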
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages mentioning corsair-cpro
- System crashes/panics after USB device connection
- dmesg errors related to USB buffer overflows
Network Indicators:
- None - local USB exploit only
SIEM Query:
source="kernel" AND ("corsair-cpro" OR "buffer overflow" OR "general protection fault")
🔗 References
- https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743
- https://git.kernel.org/stable/c/2771d2ee3d95700f34e1e4df6a445c90565cd4e9
- https://git.kernel.org/stable/c/2e6f4d9cfbda52700c126c5a2b93dd2042e8680c
- https://git.kernel.org/stable/c/3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8
- https://git.kernel.org/stable/c/495a4f0dce9c8c4478c242209748f1ee9e4d5820
- https://git.kernel.org/stable/c/4eb5cc48399f89b63acdbfe912fa5c8fe2900147
- https://git.kernel.org/stable/c/eda5e38cc4dd2dcb422840540374910ef2818494
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html