-

CVE-2025-38332

EPSS 0.04%
Veröffentlicht 10.07.2025 08:15:05
Zuletzt bearbeitet 10.07.2025 13:17:30
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Use memcpy() for BIOS version

The strlcat() with FORTIFY support is triggering a panic because it
thinks the target buffer will overflow although the correct target
buffer size is passed in.

Anyway, instead of memset() with 0 followed by a strlcat(), just use
memcpy() and ensure that the resulting buffer is NULL terminated.

BIOSVersion is only used for the lpfc_printf_log() which expects a
properly terminated string.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < b699bda5db818b684ff62d140defd6394f38f3d6

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d34f2384d6df11a6c67039b612c2437f46e587e8

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 75ea8375c5a83f46c47bfb3de6217c7589a8df93

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 34c0a670556b24d36c9f8934227edb819ca5609e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 2f63bf0d2b146956a2f2ff3b25cee71019e64561

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 003baa7a1a152576d744bd655820449bbdb0248e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < ae82eaf4aeea060bb736c3e20c0568b67c701d7d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 5.4.*

Version 5.4.295

Status unaffected

Version <= 5.10.*

Version 5.10.239

Status unaffected

Version <= 5.15.*

Version 5.15.186

Status unaffected

Version <= 6.1.*

Version 6.1.142

Status unaffected

Version <= 6.6.*

Version 6.6.95

Status unaffected

Version <= 6.12.*

Version 6.12.35

Status unaffected

Version <= 6.15.*

Version 6.15.4

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d

https://git.kernel.org/stable/c/b699bda5db818b684ff62d140defd6394f38f3d6

https://git.kernel.org/stable/c/d34f2384d6df11a6c67039b612c2437f46e587e8

https://git.kernel.org/stable/c/75ea8375c5a83f46c47bfb3de6217c7589a8df93

https://git.kernel.org/stable/c/34c0a670556b24d36c9f8934227edb819ca5609e

https://git.kernel.org/stable/c/2f63bf0d2b146956a2f2ff3b25cee71019e64561

https://git.kernel.org/stable/c/003baa7a1a152576d744bd655820449bbdb0248e

https://git.kernel.org/stable/c/ae82eaf4aeea060bb736c3e20c0568b67c701d7d

https://nvd.nist.gov/vuln/detail/CVE-2025-38332

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38332

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38332

EUVD