CVE-2025-38077

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38077
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38077.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38077
Downstream
Related
Published
2025-06-18T10:15:41Z
Modified
2025-08-12T21:01:37Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore()

If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.

Add a check for an empty string.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages