CVE-2025-38676
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-38676
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10.244
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack buffer overflow in the Linux kernel's iommu/amd component. It occurs when the kernel command line contains a maximum length string for the "str" argument, causing the code to write 1 byte past the end of the "acpiid" buffer. Although the kernel command line is usually trusted, this overflow could lead to unexpected behavior or crashes.

Impact Analysis

The vulnerability could potentially cause the Linux kernel to behave unpredictably or crash due to the stack buffer overflow. This might lead to system instability or denial of service. Since it involves writing beyond a buffer boundary, it could also be exploited to execute arbitrary code, depending on the environment and usage.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38676. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart