Heap Overwrite Vulnerability in Linux Kernel Affecting RapidIO Drivers
CVE-2025-38090
What is CVE-2025-38090?
A vulnerability in the Linux kernel's RapidIO driver allows a potential heap overwrite due to inadequate validation in the riocm_ch_send() function. cm_chan_msg_send() checks that userspace has not supplied too much data, but the path did not verify that enough data had been transferred, which makes it possible to overwrite adjacent memory regions. This can compromise data integrity and system stability. The issue has been addressed by updating riocm_ch_send() to verify that the entire rio_ch_chan_hdr was copied in from userspace.
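A user-space C model of the validation gap described above, added here as an illustration; it is not the kernel's code or the upstream patch. The struct layout, MODEL_MAX_MSG and all function names are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_MAX_MSG 4096u /* assumed limit, not the driver's constant */

/* Hypothetical stand-in for rio_ch_chan_hdr; this layout is illustrative only. */
struct model_hdr { uint32_t dst_id, src_id; uint16_t dst_ch, src_ch, msg_len, rsrvd; };

/* Pre-fix shape: only "too much data" is rejected. */
static int validate_upper_only(size_t len) { return len > MODEL_MAX_MSG ? -EINVAL : 0; }

/* Fixed shape: the buffer must also be able to hold the whole header. */
static int validate_full(size_t len)
{
    return (len > MODEL_MAX_MSG || len < sizeof(struct model_hdr)) ? -EINVAL : 0;
}

/* Allocate exactly len bytes, copy the caller's data, then fill in a header field.
 * Returns -EFAULT when that store would leave the allocation (store is skipped). */
static int model_send(const void *user, size_t len, int (*validate)(size_t))
{
    uint16_t n = (uint16_t)len;
    unsigned char *buf;
    int ret = validate(len);
    if (ret)
        return ret;                      /* length rejected up front */
    buf = malloc(len ? len : 1);
    if (!buf)
        return -ENOMEM;
    memcpy(buf, user, len);              /* models the copy from userspace */
    if (offsetof(struct model_hdr, msg_len) + sizeof(n) > len)
        ret = -EFAULT; /* in the unfixed path this store lands past the buffer */
    else
        memcpy(buf + offsetof(struct model_hdr, msg_len), &n, sizeof(n));
    free(buf);
    return ret;
}

int main(void)
{
    unsigned char msg[64] = {0}; /* constructed sample input */
    printf("4 bytes, upper-only check: %d\n", model_send(msg, 4, validate_upper_only));
    printf("4 bytes, full check:       %d\n", model_send(msg, 4, validate_full));
    printf("64 bytes, full check:      %d\n", model_send(msg, 64, validate_full));
    return 0;
}
```

With the upper-bound check alone, a 4-byte message passes validation and reaches the header store with a buffer too small to hold it; with the lower bound added, the same request is rejected before any allocation.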
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 58f664614f8c3d6142ab81ae551e466dc6e092e8