PT-2025-29054 · Linux+10 · Linux Kernel+10

Anubis

·

Published

2025-07-10

·

Updated

2026-04-20

·

CVE-2025-38332

CVSS v2.0

7.7

High

VectorAV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The strlcat() function with FORTIFY support was triggering a panic due to a perceived buffer overflow, despite the correct target buffer size being passed. The issue occurs when using strlcat() with memset() followed by strlcat() for the BIOS version. The vulnerability is addressed by using memcpy() to ensure proper NULL termination of the resulting buffer, as the BIOSVersion is used by the lpfc printf log() function, which expects a properly terminated string.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2025:15008
ALSA-2025:15661
ALSA-2025:15782
AZL-65027
BDU:2025-10743
CESA-2025_15008
CVE-2025-38332
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-5824-30C7-AAAB
INFSA-2025_15008
INFSA-2025_15661
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-1959
OESA-2025-1960
OESA-2025-1961
OESA-2025-1963
OESA-2025-1964
OPENSUSE-SU-2025:20081-1
RHSA-2025:14003
RHSA-2025:14005
RHSA-2025:15646
RHSA-2025:15648
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_15008
RHSA-2025_15661
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu