THREATINT
PUBLISHED

CVE-2025-38077

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()



Description

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.

Add a check for an empty string.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reserved 2025-04-16 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux
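
The pattern the description refers to, as a user-space C model added here for illustration (not the dell-wmi-sysman driver source). The function names, the `backing` array and the sample inputs are constructed, and the checked form is one way to write the empty-string check the description calls for.

```c
#include <stdio.h>
#include <string.h>

/* Unchecked pattern from the description: indexes buf[length - 1] even when
 * length is 0, so it reads the byte located *before* the buffer. */
static int trimmed_len_unchecked(const char *buf)
{
	int length = (int)strlen(buf);

	if (buf[length - 1] == '\n')
		length--;
	return length;
}

/* Hardened pattern: the empty string is tested first, so the index
 * length - 1 is only formed when length >= 1. */
static int trimmed_len_checked(const char *buf)
{
	int length = (int)strlen(buf);

	if (length && buf[length - 1] == '\n')
		length--;
	return length;
}

/* Constructed input: an empty string placed at offset 1 of a larger array,
 * so the stray read in this demo lands on a known byte ('\n') instead of
 * being undefined behaviour. */
static const char backing[] = { '\n', '\0' };
#define EMPTY_INPUT (&backing[1])

int main(void)
{
	/* The unchecked form trusts the neighbouring byte and ends up with a
	 * negative length; the checked form keeps length at 0. */
	printf("unchecked(\"\")        = %d\n", trimmed_len_unchecked(EMPTY_INPUT));
	printf("checked(\"\")          = %d\n", trimmed_len_checked(EMPTY_INPUT));
	printf("checked(\"secret\\n\") = %d\n", trimmed_len_checked("secret\n"));
	return 0;
}
```

In the model, a negative `length` is the hazard to look for in review: any later copy or allocation sized from it would be wrong, which is why the empty-string test belongs before the index is formed.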

Product status

Default status: unaffected

e8a60aa7404bfef37705da5607c97737073ac38d before fb7cde625872709b8cedad9b241e0ec3d82fa7d3: affected
e8a60aa7404bfef37705da5607c97737073ac38d before 60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5: affected
e8a60aa7404bfef37705da5607c97737073ac38d before f86465626917df3b8bdd2756ec0cc9d179c5af0f: affected
e8a60aa7404bfef37705da5607c97737073ac38d before 8594a123cfa23d708582dc6fb36da34479ef8a5b: affected
e8a60aa7404bfef37705da5607c97737073ac38d before 97066373ffd55bd9af0b512ff3dd1f647620a3dc: affected
e8a60aa7404bfef37705da5607c97737073ac38d before 4e89a4077490f52cde652d17e32519b666abf3a6: affected

Default status: affected

5.11: affected
Any version before 5.11: unaffected
5.15.185: unaffected
6.1.141: unaffected
6.6.93: unaffected
6.12.31: unaffected
6.14.9: unaffected
6.15: unaffected

References

git.kernel.org/...c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3

git.kernel.org/...c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5

git.kernel.org/...c/f86465626917df3b8bdd2756ec0cc9d179c5af0f

git.kernel.org/...c/8594a123cfa23d708582dc6fb36da34479ef8a5b

git.kernel.org/...c/97066373ffd55bd9af0b512ff3dd1f647620a3dc

git.kernel.org/...c/4e89a4077490f52cde652d17e32519b666abf3a6

cve.org (CVE-2025-38077)

nvd.nist.gov (CVE-2025-38077)
