CVE-2025-38332

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38332
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38332.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38332
Published
2025-07-10T09:15:27Z
Modified
2025-08-12T21:01:38Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Use memcpy() for BIOS version

The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in.

Anyway, instead of memset() with 0 followed by a strlcat(), just use memcpy() and ensure that the resulting buffer is NULL terminated.

BIOSVersion is only used for the lpfc_printf_log() which expects a properly terminated string.
