Buffer Overflow Vulnerability in Linux Kernel's SCSI lpfc Driver
CVE-2025-38332

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 10 July 2025

What is CVE-2025-38332?

A vulnerability in the Linux kernel affects the SCSI lpfc driver: incorrect usage of strlcat() may lead to a panic because the call is perceived as a buffer overflow risk. The original implementation, a memset() followed by strlcat(), was replaced with memcpy(), and the fix ensures the resulting string is properly null-terminated. This change improves the reliability of the BIOSVersion string, which is used in lpfc_printf_log().
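
The copy pattern described above (memcpy() followed by an explicit terminator), shown as an added userspace example. It is not the kernel patch or lpfc code; the helper name, the buffer sizes and the sample version string are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes: the page does not give the real field widths. */
#define SRC_FIELD_LEN 32   /* fixed-width field as delivered by a device */
#define DST_BUF_LEN   16   /* destination buffer that is later logged */

/*
 * Copy a fixed-width field that may lack a trailing NUL into dst and always
 * terminate dst. At most src_len bytes of src are read, because no
 * strlen()-style scan is ever run on the source (strlcat() does run one).
 * Returns the length of the resulting string.
 */
size_t copy_fixed_field(char *dst, size_t dst_len,
                        const char *src, size_t src_len)
{
    size_t n;

    if (dst == NULL || dst_len == 0)
        return 0;                     /* nowhere to store a terminator */
    if (src == NULL) {
        dst[0] = '\0';
        return 0;
    }
    n = src_len < dst_len - 1 ? src_len : dst_len - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';                    /* terminator is written unconditionally */
    return strlen(dst);               /* safe: dst is terminated within dst_len */
}

/* Constructed sample: a field filled edge to edge, with no terminator. */
size_t demo_unterminated(char *out, size_t out_len)
{
    char field[SRC_FIELD_LEN];

    memset(field, 'A', sizeof(field));
    return copy_fixed_field(out, out_len, field, sizeof(field));
}

/* Constructed sample: a short version string padded with NUL bytes. */
size_t demo_padded(char *out, size_t out_len)
{
    char field[SRC_FIELD_LEN] = "11.4.2";

    return copy_fixed_field(out, out_len, field, sizeof(field));
}

int main(void)
{
    char out[DST_BUF_LEN];

    printf("%zu\n", demo_unterminated(out, sizeof(out)));
    printf("%zu %s\n", demo_padded(out, sizeof(out)), out);
    return 0;
}
```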

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
