CVE-2025-38082

HIGH

Linux Kernel 6.11-6.12.31, 6.13-6.14.9 - Out-of-bounds Write in GPIO Virtuser Buffer Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix potential out-of-bound write If the caller wrote more characters, count is truncated to the max available space in "simple_write_to_buffer". Check that the input size does not exceed the buffer size. Write a zero termination afterwards.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/afe090366f470f77e140ff3407db813f57852c04

Patch

https://git.kernel.org/stable/c/b96feaaa0fda1e3871b438143c3446954b32d3a7

Patch

https://git.kernel.org/stable/c/7118be7c6072f40391923543fdd1563b8d56377c

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (12)

linux/Kernel 6.11.0 - 6.12.32linux

linux/Kernel 6.13.0 - 6.14.10linux

Linux/Linux < 6.11

Linux/Linux 6.11

Linux/Linux 6.12.32 - 6.12.*

Linux/Linux 6.14.10 - 6.14.*

Linux/Linux 6.15

Linux/Linux 91581c4b3f29e2e22aeb1a62e842d529ca638b2d - 7118be7c6072f40391923543fdd1563b8d56377c

Linux/Linux 91581c4b3f29e2e22aeb1a62e842d529ca638b2d - afe090366f470f77e140ff3407db813f57852c04

Linux/Linux 91581c4b3f29e2e22aeb1a62e842d529ca638b2d - b96feaaa0fda1e3871b438143c3446954b32d3a7

... and 2 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026