CVE-2025-38077
- Source
- https://cve.org/CVERecord?id=CVE-2025-38077
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38077.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38077
- Downstream
- Related
- Published
- 2025-06-18T09:33:51.986Z
- Modified
- 2026-05-15T11:53:58.255535491Z
- Summary
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore()
If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.
Add a check for an empty string.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38077.json" }- References
-
- https://git.kernel.org/stable/c/4e89a4077490f52cde652d17e32519b666abf3a6
- https://git.kernel.org/stable/c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5
- https://git.kernel.org/stable/c/8594a123cfa23d708582dc6fb36da34479ef8a5b
- https://git.kernel.org/stable/c/97066373ffd55bd9af0b512ff3dd1f647620a3dc
- https://git.kernel.org/stable/c/f86465626917df3b8bdd2756ec0cc9d179c5af0f
- https://git.kernel.org/stable/c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38077.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38077
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git