CVE-2025-38474
5.5
MEDIUM
CVSS 3.1
EPSS 0.07%
Description
In the Linux kernel, the following vulnerability has been resolved:

usb: net: sierra: check for no status endpoint

The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission.
How to fix CVE-2025-38474
To remediate CVE-2025-38474, upgrade the affected package to a fixed version below.
- Debian/linux—upgrade to 5.10.244-1 or later
- —upgrade to 6.1.153-1~deb11u1 or later
Is CVE-2025-38474 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 5.10.244-1
- from 0, < 6.1.153-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |