Out-of-Bound Write Vulnerability in Linux Kernel Affects Multiple Distributions
CVE-2025-38667

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38667?

A vulnerability in the Linux kernel's input/output subsystem could allow an out-of-bounds write that may lead to memory corruption. It arises from incorrect handling of write operations: user input is not adequately validated before being copied into a buffer with a fixed size of 20 characters. An attacker exploiting this flaw may be able to execute arbitrary code or crash the system. A patch has been implemented that checks that the input size fits the buffer and adds a zero terminator to the end of the copied data, preventing out-of-bounds access.
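The check-then-terminate pattern described above, as an added userspace model in C; it is not the kernel code or the upstream patch. The names `cmd_state`, `cmd_write_unchecked` and `cmd_write_checked`, the guard byte and the `-EINVAL` return value are assumptions made for illustration; only the 20-byte buffer, the size check and the zero terminator come from the description.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#define CMD_BUF_LEN 20  /* fixed buffer size stated in the advisory */

/* Hypothetical state: the guard byte sits right after the buffer so an
 * overrun of even one byte would show up in it. */
struct cmd_state {
    char buf[CMD_BUF_LEN];
    unsigned char guard;
};

/* Model of the flawed pattern: the caller-supplied length is trusted.
 * Kept for comparison only; never called below. */
ssize_t cmd_write_unchecked(struct cmd_state *st, const char *src, size_t count)
{
    memcpy(st->buf, src, count);   /* count > 20 writes past buf */
    return (ssize_t)count;
}

/* Model of the fixed pattern: validate the size, copy, then terminate. */
ssize_t cmd_write_checked(struct cmd_state *st, const char *src, size_t count)
{
    /* Reserve one byte for the terminator: at most 19 payload bytes. */
    if (count >= sizeof(st->buf))
        return -EINVAL;            /* error code is an assumption */
    memcpy(st->buf, src, count);
    st->buf[count] = '\0';         /* terminator directly after copied data */
    return (ssize_t)count;
}

/* Constructed inputs: returns 0 when every case behaves as expected. */
int demo(void)
{
    struct cmd_state st = { .buf = {0}, .guard = 0xA5 };
    const char ok[]  = "1234567890123456789";   /* 19 bytes: fits */
    const char big[] = "12345678901234567890";  /* 20 bytes: no room for NUL */
    if (cmd_write_checked(&st, ok, 19) != 19) return 1;
    if (strlen(st.buf) != 19 || st.guard != 0xA5) return 2;
    if (cmd_write_checked(&st, big, 20) != -EINVAL) return 3;
    if (cmd_write_checked(&st, "on", 2) != 2 || strcmp(st.buf, "on")) return 4;
    return st.guard == 0xA5 ? 0 : 5;
}

int main(void) { return demo(); }
```

The comparison uses `>=` rather than `>` so that a 20-byte input is rejected: accepting it would leave no room for the terminator inside the 20-byte buffer.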

Affected Version(s)

Linux 6d5dd486c715908b5a6ed02315a15ff044a91025 < 81a635b6eccd6fc889f6d07ab9583b705f739ce1

Linux 6d5dd486c715908b5a6ed02315a15ff044a91025 < 16285a0931869baa618b1f5d304e1e9d090470a8

Linux 6.15

Timeline

  • Vulnerability published

  • Vulnerability Reserved
