Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38395

In the Linux kernel, the following vulnerability has been resolved:

regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods

drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later in the code if 'config::ngpios' is > 1. So fix the code to allocate enough memory to hold 'config::ngpios' of GPIO descriptors.

While at it, also move the check for memory allocation failure to be below the allocation to make it more readable.

  • Published: Jul 25, 2025
  • Updated: Dec 24, 2025
  • CVE: CVE-2025-38395
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.1
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 5.1 5.4.296
linux / linux_kernel 5.5 5.10.240
linux / linux_kernel 5.11 5.15.187
linux / linux_kernel 5.16 6.1.144
linux / linux_kernel 6.2 6.6.97
linux / linux_kernel 6.7 6.12.37
linux / linux_kernel 6.13 6.15.6
linux / linux_kernel 6.16-rc1 6.16-rc1.x
linux / linux_kernel 6.16-rc2 6.16-rc2.x
linux / linux_kernel 6.16-rc3 6.16-rc3.x
linux / linux_kernel 6.16-rc4 6.16-rc4.x
debian / debian_linux 11.0 11.0.x