PT-2025-27988 · Linux+3 · Linux Kernel+3

Published

2025-04-27

·

Updated

2026-05-26

·

CVE-2025-38213

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the vgacon scroll() function, where a check for the vc origin address range has been added. The vulnerability was reported by an in-house Syzkaller, which detected a slab-out-of-bounds error in the vcs scr readw() function. The error occurred when reading from an address range that was not properly checked. The vulnerability may be exploited through the vfs write() function, which is used to write data to a file. The vcs write buf noattr() and vcs write() functions are also involved in the vulnerability.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2025-15460
CVE-2025-38213
ECHO-368B-F99B-AB2B
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02588-1
SUSE-SU-2025:02844-1
SUSE-SU-2025:02844-2
SUSE-SU-2025:02846-1
SUSE-SU-2025:02848-1
SUSE-SU-2025:02849-1
SUSE-SU-2025:02850-1
SUSE-SU-2025:02851-1
SUSE-SU-2025:02852-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:2588-1
SUSE-SU-2025_02588-1
SUSE-SU-2025_02844-1
SUSE-SU-2025_02844-2
SUSE-SU-2025_02846-1
SUSE-SU-2025_02848-1
SUSE-SU-2025_02849-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1

Affected Products

Debian
Linux Kernel
Red Os
Suse