CVE-2025-38484

Published: Jul 28, 2025Modified: Nov 19, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: iio: backend: fix out-of-bound write The buffer is set to 80 character. If a caller write more characters, count is truncated to the max available space in "simple_write_to_buffer". But afterwards a string terminator is written to the buffer at offset count without boundary check. The zero termination is written OUT-OF-BOUND. Add a check that the given buffer is smaller then the buffer to prevent.

Affected (9)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.12.23 to 6.12.40
Linux Linux Kernel	From 6.13.11 to 6.14
Linux Linux Kernel	From 6.14.2 to 6.15.8
Linux Linux Kernel	Version 6.16 rc1
Linux Linux Kernel	Version 6.16 rc2
Linux Linux Kernel	Version 6.16 rc3
Linux Linux Kernel	Version 6.16 rc4
Linux Linux Kernel	Version 6.16 rc5
Linux Linux Kernel	Version 6.16 rc6

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://git.kernel.org/stable/c/01e941aa7f5175125df4ac5d3aab099961525602

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/6eea9f7648ddb9e4903735a1f77cf196c957aa38

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/da9374819eb3885636934c1006d450c3cb1a02ed

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.