CVE-2025-38077

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38077

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38077.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38077

Downstream

BELL-CVE-2025-38077

DEBIAN-CVE-2025-38077

DSA-5973-1

ECHO-7338-93e3-7c6a

SUSE-SU-2025:02249-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2025-38077

USN-7704-1

USN-7704-2

USN-7704-3

USN-7704-4

USN-7704-5

USN-7711-1

USN-7712-1

USN-7712-2

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

Related

Published

2025-06-18T10:15:41Z

Modified

2025-08-12T21:01:37Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore()

If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.

Add a check for an empty string.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages