You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38153
About this tag
CVE-2025-38153 is a vulnerability in the AQC111 USB Ethernet driver for Linux. The flaw stems from a missing validation of the byte count returned by usbnet read calls, which could lead to incorrect behavior in systems using the aqc111 driver. Microsoft has acknowledged that Azure Linux includes the affected open-source library and is potentially impacted, but this does not guarantee that other Microsoft products are free from the vulnerable code. The distinction between attestation of impact and exclusivity of impact is critical for understanding the scope of this CVE. Discussions on WindowsForum highlight the operational implications and the upstream Linux kernel fix for this correctness bug.
The upstream Linux kernel fix for CVE-2025-38153 patches a correctness bug in the AQC111 USB Ethernet driver that failed to validate the byte count returned by usbnet read calls — a small coding lapse with outsized operational implications for any system that actually loads and uses the aqc111...