CVE-2025-38077
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-12-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow. Add a check for an empty string. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-12-17
Generated
2026-05-07
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38077
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.11 (inc) to 5.15.185 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.141 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.93 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.31 (exc)
linux linux_kernel From 6.13 (inc) to 6.14.9 (exc)
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a buffer overflow in the Linux kernel's dell-wmi-sysman component on x86 platforms. It occurs when the 'buf' array received from the user is an empty string, causing the 'length' variable to be zero. The code then accesses the 'buf' array at index 'length - 1', which results in accessing an invalid memory location and causes a buffer overflow. The issue was fixed by adding a check for an empty string before accessing the array.


How can this vulnerability impact me? :

This buffer overflow vulnerability could potentially allow an attacker to cause unexpected behavior in the Linux kernel, such as crashes or execution of arbitrary code, depending on how the overflow is exploited. This could lead to system instability or compromise of system security.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch or update to the fixed version of the Linux kernel that includes the check for an empty string in the dell-wmi-sysman current_password_store() function to avoid the buffer overflow.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart