Out-of-Bounds Access Vulnerability in Linux Kernel Megaraid_sas
CVE-2025-38239

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38239?

A vulnerability in the Linux Kernel's Megaraid_sas driver allows for out-of-bounds memory access during the setup of the MSIX interrupt vectors. This occurs when DRAM interleaving is enabled, leading to an invalid node index situation, which can cause severe instability or crashes. Specifically, the error stems from requests for more vector entries than are available, resulting in an array-index-out-of-bounds condition. It is crucial for users operating systems with affected versions to update to the latest patches to mitigate any risks associated with this error.

Affected Version(s)

Linux 8049da6f3943d0ac51931b8064b2e4769a69a967

Linux 8049da6f3943d0ac51931b8064b2e4769a69a967 < 19a47c966deb36624843b7301f0373a3dc541a05

References

https://git.kernel.org/stable/c/f1064b3532192e987ab17be72...

https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c2...

https://git.kernel.org/stable/c/19a47c966deb36624843b7301...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025