We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38332

scsi: lpfc: Use memcpy() for BIOS version



Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset() with 0 followed by a strlcat(), just use memcpy() and ensure that the resulting buffer is NULL terminated. BIOSVersion is only used for the lpfc_printf_log() which expects a properly terminated string.

Reserved 2025-04-16 | Published 2025-07-10 | Updated 2025-07-10 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before b699bda5db818b684ff62d140defd6394f38f3d6
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before d34f2384d6df11a6c67039b612c2437f46e587e8
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 75ea8375c5a83f46c47bfb3de6217c7589a8df93
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 34c0a670556b24d36c9f8934227edb819ca5609e
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 2f63bf0d2b146956a2f2ff3b25cee71019e64561
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 003baa7a1a152576d744bd655820449bbdb0248e
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ae82eaf4aeea060bb736c3e20c0568b67c701d7d
affected

Default status
affected

5.4.295
unaffected

5.10.239
unaffected

5.15.186
unaffected

6.1.142
unaffected

6.6.95
unaffected

6.12.35
unaffected

6.15.4
unaffected

6.16-rc1
unaffected

References

git.kernel.org/...c/ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d

git.kernel.org/...c/b699bda5db818b684ff62d140defd6394f38f3d6

git.kernel.org/...c/d34f2384d6df11a6c67039b612c2437f46e587e8

git.kernel.org/...c/75ea8375c5a83f46c47bfb3de6217c7589a8df93

git.kernel.org/...c/34c0a670556b24d36c9f8934227edb819ca5609e

git.kernel.org/...c/2f63bf0d2b146956a2f2ff3b25cee71019e64561

git.kernel.org/...c/003baa7a1a152576d744bd655820449bbdb0248e

git.kernel.org/...c/ae82eaf4aeea060bb736c3e20c0568b67c701d7d

cve.org (CVE-2025-38332)

nvd.nist.gov (CVE-2025-38332)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38332

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.