CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.
Add a check for an empty string.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 5.11 | 5.15.185 |
| linux / linux_kernel | 5.16 | 6.1.141 |
| linux / linux_kernel | 6.2 | 6.6.93 |
| linux / linux_kernel | 6.7 | 6.12.31 |
| linux / linux_kernel | 6.13 | 6.14.9 |
| linux / linux_kernel | 6.15-rc1 | 6.15-rc1.x |
| linux / linux_kernel | 6.15-rc2 | 6.15-rc2.x |
| linux / linux_kernel | 6.15-rc3 | 6.15-rc3.x |
| linux / linux_kernel | 6.15-rc4 | 6.15-rc4.x |
| linux / linux_kernel | 6.15-rc5 | 6.15-rc5.x |
| linux / linux_kernel | 6.15-rc6 | 6.15-rc6.x |
| linux / linux_kernel | 6.15-rc7 | 6.15-rc7.x |
| debian / debian_linux | 11.0 | 11.0.x |
- https://git.kernel.org/stable/c/4e89a4077490f52cde652d17e32519b666abf3a6
- https://git.kernel.org/stable/c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5
- https://git.kernel.org/stable/c/8594a123cfa23d708582dc6fb36da34479ef8a5b
- https://git.kernel.org/stable/c/97066373ffd55bd9af0b512ff3dd1f647620a3dc
- https://git.kernel.org/stable/c/f86465626917df3b8bdd2756ec0cc9d179c5af0f
- https://git.kernel.org/stable/c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime