CVE-2025-38332
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-12-19
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Use memcpy() for BIOS version
The strlcat() with FORTIFY support is triggering a panic because it
thinks the target buffer will overflow although the correct target
buffer size is passed in.
Anyway, instead of memset() with 0 followed by a strlcat(), just use
memcpy() and ensure that the resulting buffer is NULL terminated.
BIOSVersion is only used for the lpfc_printf_log() which expects a
properly terminated string.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 5.4.295 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.239 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.95 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.35 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.4 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's lpfc driver involves the use of strlcat() with FORTIFY support, which incorrectly triggers a panic due to a perceived buffer overflow, even though the correct buffer size is used. The fix replaces the memset() and strlcat() sequence with memcpy() while ensuring the buffer is NULL terminated, preventing the panic.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to panic unexpectedly when handling BIOS version strings in the lpfc driver, potentially leading to system instability or crashes.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70