CVE-2025-38667

Published: Aug 22, 2025Modified: Nov 25, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: iio: fix potential out-of-bound write The buffer is set to 20 characters. If a caller write more characters, count is truncated to the max available space in "simple_write_to_buffer". To protect from OoB access, check that the input size fit into buffer and add a zero terminator after copy to the end of the copied data.

Affected (7)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.15 to 6.15.9
Linux Linux Kernel	Version 6.16 rc1
Linux Linux Kernel	Version 6.16 rc2
Linux Linux Kernel	Version 6.16 rc3
Linux Linux Kernel	Version 6.16 rc4
Linux Linux Kernel	Version 6.16 rc5
Linux Linux Kernel	Version 6.16 rc6

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://git.kernel.org/stable/c/16285a0931869baa618b1f5d304e1e9d090470a8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/81a635b6eccd6fc889f6d07ab9583b705f739ce1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.