5.5

CVE-2025-38332

scsi: lpfc: Use memcpy() for BIOS version

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Use memcpy() for BIOS version

The strlcat() with FORTIFY support is triggering a panic because it
thinks the target buffer will overflow although the correct target
buffer size is passed in.

Anyway, instead of memset() with 0 followed by a strlcat(), just use
memcpy() and ensure that the resulting buffer is NULL terminated.

BIOSVersion is only used for the lpfc_printf_log() which expects a
properly terminated string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.295
LinuxLinux Kernel Version >= 5.5 < 5.10.239
LinuxLinux Kernel Version >= 5.11 < 5.15.186
LinuxLinux Kernel Version >= 5.16 < 6.1.142
LinuxLinux Kernel Version >= 6.2 < 6.6.95
LinuxLinux Kernel Version >= 6.7 < 6.12.35
LinuxLinux Kernel Version >= 6.13 < 6.15.4
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.062
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d
Patch
https://git.kernel.org/stable/c/b699bda5db818b684ff62d140defd6394f38f3d6
Patch
https://git.kernel.org/stable/c/d34f2384d6df11a6c67039b612c2437f46e587e8
Patch
https://git.kernel.org/stable/c/75ea8375c5a83f46c47bfb3de6217c7589a8df93
Patch
https://git.kernel.org/stable/c/34c0a670556b24d36c9f8934227edb819ca5609e
Patch
https://git.kernel.org/stable/c/2f63bf0d2b146956a2f2ff3b25cee71019e64561
Patch
https://git.kernel.org/stable/c/003baa7a1a152576d744bd655820449bbdb0248e
Patch
https://git.kernel.org/stable/c/ae82eaf4aeea060bb736c3e20c0568b67c701d7d
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory