Heap Overwrite Vulnerability in Linux Kernel Affecting RapidIO Drivers
CVE-2025-38090

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 30 June 2025

What is CVE-2025-38090?

A vulnerability in the Linux kernel's RapidIO driver allows a potential heap overwrite because of inadequate validation in the riocm_ch_send() function. cm_chan_msg_send() checks that userspace did not send too much data, but nothing checks that userspace sent enough data, so adjacent memory regions can be overwritten. This can compromise data integrity and system stability. The issue has been addressed by updating riocm_ch_send() to verify that the entire rio_ch_chan_hdr was copied in from userspace.
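The check described above, as an added userspace model in C (not the kernel's code and not the actual patch): it contrasts an upper-bound-only length check with one that also requires a full header. The struct layout, `MODEL_MAX_MSG`, and all function names are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MODEL_MAX_MSG 4096 /* assumed upper bound on a message */
/* Hypothetical header; the real rio_ch_chan_hdr layout is not on the page. */
struct model_chan_hdr { uint32_t src, dst; uint16_t type, chan, len; };
#define HDR_SZ sizeof(struct model_chan_hdr)

/* Before: only "too much data" is rejected. */
static int validate_before(size_t len)
{
    return len > MODEL_MAX_MSG ? -EINVAL : 0;
}

/* After: the entire header must have been supplied as well. */
static int validate_after(size_t len)
{
    return (len < HDR_SZ || len > MODEL_MAX_MSG) ? -EINVAL : 0;
}

/* Header bytes that would fall past the end of a len-byte allocation. */
static size_t hdr_overrun(size_t len)
{
    return len < HDR_SZ ? HDR_SZ - len : 0;
}

/* Hardened send: the buffer is sized by len, then header fields are filled in. */
static int model_send(const void *ubuf, size_t len, uint16_t chan)
{
    struct model_chan_hdr *hdr;
    if (validate_after(len))
        return -EINVAL;
    hdr = malloc(len);
    if (!hdr)
        return -ENOMEM;
    memcpy(hdr, ubuf, len);   /* stands in for the copy from userspace */
    hdr->chan = chan;         /* in bounds: len >= sizeof(*hdr) */
    hdr->len = (uint16_t)len;
    free(hdr);
    return 0;
}

int main(void)
{
    unsigned char msg[64] = {0}; /* constructed sample input */
    printf("len=4: before=%d overrun=%zu after=%d\n", validate_before(4), hdr_overrun(4), model_send(msg, 4, 1));
}
```

A 4-byte message passes the upper-bound-only check even though header writes would run past the allocation; the minimum-length check rejects it before any buffer is allocated.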

Affected Version(s)

Linux b6e8d4aa1110306378af0f3472a6b85a1f039a16

Linux b6e8d4aa1110306378af0f3472a6b85a1f039a16 < 58f664614f8c3d6142ab81ae551e466dc6e092e8

Timeline

  • Vulnerability published

  • Vulnerability Reserved
