Buffer Overrun in LZO Compression of Linux Kernel
CVE-2025-38068
What is CVE-2025-38068?
A vulnerability has been identified in the Linux kernel's LZO compression implementation: the compression code does not check the size of the output buffer it writes to, so a caller-supplied buffer that is too small can be overrun. Unlike its decompression counterpart, which bounds its writes, the compressor wrongly assumes that the caller always supplies adequate buffer space. To address this flaw, a new secure compression interface has been introduced that checks the buffer limit before writing output, making the compression path safe against undersized buffers.
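As an added illustration, not the kernel's LZO code or the fix itself, the C sketch below shows the difference the advisory describes: a bounded output writer that refuses to overrun the caller's buffer, a worst-case size helper for callers, and a toy literal-run encoder built on them. The error values and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Return codes modelled on the kernel LZO API (values assumed for this example). */
#define LZO_E_OK              0
#define LZO_E_OUTPUT_OVERRUN (-5)

/* Bounded write: the limit check the vulnerable compressor lacked and the decompressor
 * already has. Advances *op only if n bytes fit before op_end. */
static int emit_safe(uint8_t **op, const uint8_t *op_end, const uint8_t *src, size_t n)
{
	if ((size_t)(op_end - *op) < n)
		return LZO_E_OUTPUT_OVERRUN;
	memcpy(*op, src, n);
	*op += n;
	return LZO_E_OK;
}

/* Toy literal-run encoder: a length byte (1..255) precedes each run, so incompressible
 * input grows by one byte per run. *out_len is the buffer size in, bytes produced out. */
static int compress_literals_safe(const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
{
	uint8_t *op = out;
	const uint8_t *op_end = out + *out_len;
	while (in_len) {
		uint8_t run = in_len > 255 ? 255 : (uint8_t)in_len;
		if (emit_safe(&op, op_end, &run, 1) || emit_safe(&op, op_end, in, run))
			return LZO_E_OUTPUT_OVERRUN;  /* fail before writing past the buffer */
		in += run;
		in_len -= run;
	}
	*out_len = (size_t)(op - out);
	return LZO_E_OK;
}

/* Worst-case output size: the caller-side half of the fix (size buffers with this). */
static size_t compress_literals_bound(size_t in_len)
{
	return in_len + (in_len + 254) / 255;
}

/* Demo on 300 constructed bytes (runs of 255 + 45 need 302 output bytes): returns the
 * bytes produced, or LZO_E_OUTPUT_OVERRUN when out_size is too small. */
static long demo(size_t out_size)
{
	uint8_t in[300], out[302];
	size_t produced = out_size < sizeof(out) ? out_size : sizeof(out);
	memset(in, 'A', sizeof(in));  /* constructed input; content is irrelevant here */
	return compress_literals_safe(in, sizeof(in), out, &produced) == LZO_E_OK
	       ? (long)produced : LZO_E_OUTPUT_OVERRUN;
}
```

A buffer sized with compress_literals_bound() never hits the overrun path; a buffer one byte short is rejected instead of being written past.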
Affected Version(s)
Given as git commit ranges in the form introducing commit < fixing commit; the second entry lists no fix commit.
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a