7.8

CVE-2025-38077

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

If the 'buf' array received from the user contains an empty string, the
'length' variable will be zero. Accessing the 'buf' array element with
index 'length - 1' will result in a buffer overflow.

Add a check for an empty string.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.185
LinuxLinux Kernel Version >= 5.16 < 6.1.141
LinuxLinux Kernel Version >= 6.2 < 6.6.93
LinuxLinux Kernel Version >= 6.7 < 6.12.31
LinuxLinux Kernel Version >= 6.13 < 6.14.9
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
LinuxLinux Kernel Version6.15 Updaterc4
LinuxLinux Kernel Version6.15 Updaterc5
LinuxLinux Kernel Version6.15 Updaterc6
LinuxLinux Kernel Version6.15 Updaterc7
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.085
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3
Patch
https://git.kernel.org/stable/c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5
Patch
https://git.kernel.org/stable/c/f86465626917df3b8bdd2756ec0cc9d179c5af0f
Patch
https://git.kernel.org/stable/c/8594a123cfa23d708582dc6fb36da34479ef8a5b
Patch
https://git.kernel.org/stable/c/97066373ffd55bd9af0b512ff3dd1f647620a3dc
Patch
https://git.kernel.org/stable/c/4e89a4077490f52cde652d17e32519b666abf3a6
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory