Out-of-Bounds Write Vulnerability in Linux Kernel Affecting Multiple Versions
CVE-2025-38342
What is CVE-2025-38342?
An out-of-bounds write vulnerability has been identified in the Linux kernel. When the function software_node_get_reference_args() is called, it accesses the @index-th element of a property value. The existing bounds check does not guarantee that the property value contains enough bytes for that element, potentially leading to memory corruption when a malformed property is processed. The fix adjusts the bounds check so that the required byte count cannot exceed the property length. Users and system administrators should apply the available patches to guard against potential exploitation.
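The difference between the two kinds of bounds check described above, modelled as a stand-alone C program (an added example, not the kernel's code or its patch). The ref_entry layout, the function names and the exact form of the insufficient check are assumptions made for illustration, and the property lengths are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for one reference entry (assumption; the kernel's
 * real structure differs). Only its size matters for the check. */
struct ref_entry {
    const void *node;
    unsigned int nargs;
    unsigned long long args[8];
};
#define ENTRY_SIZE sizeof(struct ref_entry)

/* Assumed shape of an insufficient check: only the element's start offset
 * is compared with the property length, so a partial trailing element
 * is accepted. */
int index_ok_start_only(size_t prop_len, size_t index)
{
    return index * ENTRY_SIZE < prop_len;
}

/* Check as the page describes the fix: the bytes needed for elements
 * 0..index must not exceed the property length. Written as a division,
 * which is equivalent to (index + 1) * ENTRY_SIZE <= prop_len and
 * cannot overflow. */
int index_ok_full_element(size_t prop_len, size_t index)
{
    return index < prop_len / ENTRY_SIZE;
}

/* Returns the first index the start-only check accepts although the
 * element does not fit, or -1 when both checks agree everywhere. */
long first_unsafe_index(size_t prop_len)
{
    size_t limit = prop_len / ENTRY_SIZE + 2;
    for (size_t i = 0; i < limit; i++)
        if (index_ok_start_only(prop_len, i) && !index_ok_full_element(prop_len, i))
            return (long)i;
    return -1;
}

int main(void)
{
    /* Constructed lengths: well-formed (2 entries), 1 entry + 4 stray bytes, 4 bytes. */
    size_t lens[] = { 2 * ENTRY_SIZE, ENTRY_SIZE + 4, 4 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("length %zu: first unsafe index = %ld\n", lens[i], first_unsafe_index(lens[i]));
    return 0;
}
```

The two checks disagree only when the property length is not a whole multiple of the entry size, which matches the page's statement that a malformed property is needed to reach the flaw.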
Affected Version(s)
Linux 59abd83672f70cac4b6bf9b237506c5bc6837606 < 142acd739eb6f08c148a96ae8309256f1422ff4b
Linux 59abd83672f70cac4b6bf9b237506c5bc6837606 < 56ce76e8d406cc72b89aee7931df5cf3f18db49d
Linux 59abd83672f70cac4b6bf9b237506c5bc6837606 < 9324127b07dde8529222dc19233aa57ec810856c