CVE-2025-38082

Published: Jun 18, 2025Modified: Nov 14, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix potential out-of-bound write If the caller wrote more characters, count is truncated to the max available space in "simple_write_to_buffer". Check that the input size does not exceed the buffer size. Write a zero termination afterwards.

Affected (8)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.11 to 6.12.32
Linux Linux Kernel	From 6.13 to 6.14.10
Linux Linux Kernel	Version 6.15 rc1
Linux Linux Kernel	Version 6.15 rc2
Linux Linux Kernel	Version 6.15 rc3
Linux Linux Kernel	Version 6.15 rc4
Linux Linux Kernel	Version 6.15 rc5
Linux Linux Kernel	Version 6.15 rc6

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://git.kernel.org/stable/c/7118be7c6072f40391923543fdd1563b8d56377c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/afe090366f470f77e140ff3407db813f57852c04

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b96feaaa0fda1e3871b438143c3446954b32d3a7

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.