CVE-2025-38088
BaseFortify
Publication date: 2025-06-30
Last updated on: 2025-12-17
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.13 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.94 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.34 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.3 (exc) |
| linux | linux_kernel | 6.16 |
| debian | debian_linux | 11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds issue in the memtrace mmap functionality of the Linux kernel on powerpc/powernv platforms. It occurs because the requested memory mapping region size was not properly checked against the allocated region size, potentially allowing access beyond the intended memory boundaries. The issue has been fixed by adding a check to ensure the requested mapping size stays within the allocated region.
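The kind of check described above, as an added user-space example; it is not the kernel's patch or code from this page. The function names, the 4 KiB page size and the sample requests are assumptions. It goes slightly beyond the description by comparing a byte-sum check, which can wrap for a very large page offset, with a page-count check that cannot.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                    /* assumption: 4 KiB pages */
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)

/* Byte-sum check (hypothetical): (pgoff << PAGE_SHIFT) can wrap to a small
 * value, so an out-of-range offset may pass the comparison. */
int check_naive(uint64_t region_bytes, uint64_t pgoff, uint64_t len)
{
    return ((pgoff << PAGE_SHIFT) + len <= region_bytes) ? 0 : -EINVAL;
}

/* Page-count check (hypothetical): never adds or shifts caller-supplied
 * values upward, so there is nothing that can wrap. */
int check_pages(uint64_t region_bytes, uint64_t pgoff, uint64_t len)
{
    uint64_t region_pages = region_bytes >> PAGE_SHIFT;
    uint64_t req_pages = len / PAGE_SIZE + (len % PAGE_SIZE != 0);

    if (req_pages == 0)
        return -EINVAL;                  /* empty mapping request */
    if (pgoff >= region_pages)
        return -EINVAL;                  /* starts at or past the end */
    if (req_pages > region_pages - pgoff)
        return -EINVAL;                  /* runs past the end */
    return 0;
}

int main(void)
{
    const uint64_t region = 16 * PAGE_SIZE;   /* constructed: 16-page region */
    const uint64_t cases[][2] = {             /* constructed {pgoff, len} pairs */
        { 0, 16 * PAGE_SIZE },                /* exact fit */
        { 0, 17 * PAGE_SIZE },                /* one page too long */
        { 8, 9 * PAGE_SIZE },                 /* offset + length overruns */
        { 1ULL << 52, PAGE_SIZE },            /* byte offset wraps to zero */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("pgoff=%llu len=%llu naive=%d pages=%d\n",
               (unsigned long long)cases[i][0], (unsigned long long)cases[i][1],
               check_naive(region, cases[i][0], cases[i][1]),
               check_pages(region, cases[i][0], cases[i][1]));
    return 0;
}
```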
How can this vulnerability impact me?
The out-of-bounds issue in memtrace mmap could potentially allow unauthorized access to memory regions beyond what was intended, which might lead to system instability, crashes, or exposure of sensitive information. However, specific impacts are not detailed in the provided information.