CVE-2025-38090
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-30

Last updated on: 2025-12-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevent possible heap overwrite In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much data but riocm_ch_send() failed to check that userspace sent sufficient data. The result is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr which were outside the bounds of the space which cm_chan_msg_send() allocated. Address this by teaching riocm_ch_send() to check that the entire rio_ch_chan_hdr was copied in from userspace.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-30
Last Modified
2025-12-17
Generated
2026-05-07
AI Q&A
2025-06-30
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38090
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.8 (inc) to 5.4.295 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.239 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.186 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.95 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.35 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.4 (exc)
linux linux_kernel 6.16
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel occurs in the rapidio driver (rio_cm.c) where a function (riocm_ch_send) does not properly check that userspace has sent enough data before writing to a data structure (rio_ch_chan_hdr). While another function (cm_chan_msg_send) checks that userspace did not send too much data, riocm_ch_send fails to verify that sufficient data was provided. This can lead to a heap overwrite, where riocm_ch_send writes beyond the allocated memory bounds. The fix involves adding a check in riocm_ch_send to ensure the entire rio_ch_chan_hdr is copied from userspace safely.


How can this vulnerability impact me? :

This vulnerability can lead to a heap overwrite in kernel memory, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges. This could compromise the security and reliability of the affected system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for CVE-2025-38090, which ensures proper bounds checking in the rio_cm driver. Avoid running untrusted userspace code that interacts with the rapidio driver until the patch is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart