Memory Corruption in Linux Kernel Affecting Firmware Handling
CVE-2025-38428

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 July 2025

What is CVE-2025-38428?

A vulnerability in the Linux Kernel's ims-pcu component has been identified, where the variable len, derived from firmware input, is not adequately validated. This oversight can lead to memory corruption through improper handling in the memcpy function. If the len variable exceeds expected bounds, it poses a significant risk by potentially overwriting memory segments. Secure coding practices necessitate that all input, especially from firmware, be thoroughly checked to prevent such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 628329d52474323938a03826941e166bc7c8eff4

Linux 628329d52474323938a03826941e166bc7c8eff4

Linux 628329d52474323938a03826941e166bc7c8eff4

References

https://git.kernel.org/stable/c/c1b9d140b0807c6aee4bb53e1...
https://git.kernel.org/stable/c/d63706d9f73846106fde28b28...
https://git.kernel.org/stable/c/e5a2481dc2a0b430f49276d74...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.