Memory Corruption in Linux Kernel Affecting Firmware Handling
CVE-2025-38428
Currently unrated
What is CVE-2025-38428?
A vulnerability in the Linux Kernel's ims-pcu component has been identified, where the variable len, derived from firmware input, is not adequately validated. This oversight can lead to memory corruption through improper handling in the memcpy function. If the len variable exceeds expected bounds, it poses a significant risk by potentially overwriting memory segments. Secure coding practices necessitate that all input, especially from firmware, be thoroughly checked to prevent such vulnerabilities.
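The kind of check the description calls for, as an added example that is not the ims-pcu driver's code: a length read from a firmware blob is validated against both the destination buffer and the remaining source bytes before memcpy. The record layout (2-byte big-endian length, then payload), FRAG_CAP, struct fragment, the function names and the sample blobs are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAG_CAP 32 /* assumed capacity of the destination buffer */

struct fragment { uint8_t len; uint8_t data[FRAG_CAP]; };

/* Constructed sample blobs: [len_hi][len_lo][payload...] per record. */
static const uint8_t good_blob[] = { 0x00, 0x03, 'a', 'b', 'c', 0x00, 0x01, 'z' };
static const uint8_t oversize_blob[2 + 64] = { 0x00, 0x40 }; /* len 64 > FRAG_CAP */
static const uint8_t truncated_blob[] = { 0x00, 0x05, 'a', 'b' }; /* claims 5, has 2 */

/* Copy one record into dst. Returns 0 on success, -1 if the record is
 * truncated or its length does not fit the destination. */
int copy_record(struct fragment *dst, const uint8_t *blob, size_t blob_len,
                size_t off, size_t *next)
{
    size_t len;

    if (off > blob_len || blob_len - off < 2)
        return -1;                      /* header itself is truncated */
    len = ((size_t)blob[off] << 8) | blob[off + 1];
    if (len > sizeof(dst->data))
        return -1;                      /* memcpy would overflow dst */
    if (len > blob_len - off - 2)
        return -1;                      /* memcpy would over-read the blob */
    memcpy(dst->data, blob + off + 2, len);
    dst->len = (uint8_t)len;
    *next = off + 2 + len;
    return 0;
}

/* Walk every record; returns the record count, or -1 on the first bad one. */
int count_records(const uint8_t *blob, size_t blob_len)
{
    struct fragment frag;
    size_t off = 0;
    int n = 0;

    while (off < blob_len) {
        if (copy_record(&frag, blob, blob_len, off, &off) != 0)
            return -1;
        n++;
    }
    return n;
}

int main(void)
{
    printf("good=%d oversize=%d truncated=%d\n",
           count_records(good_blob, sizeof(good_blob)),
           count_records(oversize_blob, sizeof(oversize_blob)),
           count_records(truncated_blob, sizeof(truncated_blob)));
    return 0;
}
```

Without the two length comparisons, the oversize blob would write 64 bytes into a 32-byte buffer and the truncated blob would read past the end of the firmware image.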
Affected Version(s)
Linux 628329d52474323938a03826941e166bc7c8eff4