Buffer Overrun in LZO Compression of Linux Kernel
CVE-2025-38068

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor

CVE Published: 18 June 2025

What is CVE-2025-38068?

A vulnerability has been identified in the Linux kernel's LZO compression implementation: the compression code does not validate the output buffer size, which can lead to a buffer overrun. Unlike its decompression counterpart, the compression code wrongly assumes that the caller always supplies enough buffer space. To address this flaw, a new safe compression interface has been introduced that checks buffer limits before writing output, which makes the compression process safer and more reliable.
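The pattern described above, as an added example that is not kernel code: a toy run-length compressor (not LZO), first in the form that trusts the caller's buffer and then with a capacity check before every write. All names (`toy_compress`, `toy_compress_safe`, `toy_worst_compress`, `TOY_E_OVERRUN`) are hypothetical.

```c
#include <stddef.h>

#define TOY_OK          0
#define TOY_E_OVERRUN (-1)   /* hypothetical error code for this example */

/* Toy run-length format (not LZO): each run is stored as (count, byte),
 * so input with no repeats expands to twice its size. */
size_t toy_worst_compress(size_t in_len) { return in_len * 2; }

/* Length of the run starting at in[ip], capped at 255. */
static size_t run_at(const unsigned char *in, size_t in_len, size_t ip)
{
    size_t run = 1;
    while (ip + run < in_len && in[ip + run] == in[ip] && run < 255)
        run++;
    return run;
}

/* "Before": trusts the caller to supply toy_worst_compress(in_len) bytes.
 * A smaller buffer is silently overrun. */
size_t toy_compress(const unsigned char *in, size_t in_len, unsigned char *out)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        size_t run = run_at(in, in_len, ip);
        out[op++] = (unsigned char)run;
        out[op++] = in[ip];
        ip += run;
    }
    return op;
}

/* "After": *out_len is the capacity on entry and the bytes written on exit.
 * The space check happens before every write. */
int toy_compress_safe(const unsigned char *in, size_t in_len,
                      unsigned char *out, size_t *out_len)
{
    size_t cap = *out_len, ip = 0, op = 0;
    while (ip < in_len) {
        size_t run = run_at(in, in_len, ip);
        if (cap - op < 2) {          /* op <= cap always holds here */
            *out_len = op;
            return TOY_E_OVERRUN;
        }
        out[op++] = (unsigned char)run;
        out[op++] = in[ip];
        ip += run;
    }
    *out_len = op;
    return TOY_OK;
}
```

Callers of the checked variant must treat the error return as a failed compression rather than using the partial output.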

Affected Version(s)

Linux 64c70b1cf43de158282bc1675918d503e5b15cc1 < 4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111

Linux 64c70b1cf43de158282bc1675918d503e5b15cc1

Linux 64c70b1cf43de158282bc1675918d503e5b15cc1 < 0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a

Timeline

  • Vulnerability published

  • Vulnerability Reserved
