CVE-2025-38667
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iio: fix potential out-of-bound write The buffer is set to 20 characters. If a caller write more characters, count is truncated to the max available space in "simple_write_to_buffer". To protect from OoB access, check that the input size fit into buffer and add a zero terminator after copy to the end of the copied data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-38667
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a potential out-of-bound (OoB) write in the Linux kernel's Industrial I/O (iio) subsystem. The issue arises because a buffer is set to hold 20 characters, but if a caller writes more than that, the count is truncated to the maximum available space in the function simple_write_to_buffer. To prevent out-of-bound access, the fix involves checking that the input size fits into the buffer and adding a zero terminator after copying the data to ensure safety.

Impact Analysis

This vulnerability could lead to out-of-bound writes in kernel memory, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges, depending on the context of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38667. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart