Out of Bounds Memory Access in Linux Kernel PowerPC Products
CVE-2025-38088

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 June 2025

What is CVE-2025-38088?

This vulnerability in the Linux kernel relates to an out of bounds memory access issue within the PowerPC memtrace mmap functionality. Specifically, it allows requests for mapping regions that exceed the allocated region’s boundaries. The recent patch addresses this flaw by implementing checks that ensure any requested mapping size does not surpass the designated allocated memory, thereby enhancing the overall security and stability of Linux-based systems.

Affected Version(s)

Linux 08a022ad3dfafc7e33d4529015e14bb75179cacc < 81260c41b518b6f32c701425f1427562fa92f293

Linux 08a022ad3dfafc7e33d4529015e14bb75179cacc < 620b77b23c41a6546e5548ffe2ea3ad71880dde4

Linux 08a022ad3dfafc7e33d4529015e14bb75179cacc < 8635e325b85dfb9ddebdfaa6b5605d40d16cd147

References

https://git.kernel.org/stable/c/81260c41b518b6f32c701425f...

https://git.kernel.org/stable/c/620b77b23c41a6546e5548ffe...

https://git.kernel.org/stable/c/8635e325b85dfb9ddebdfaa6b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2025
Vulnerability Reserved
Apr 16, 2025