CVE-2025-38088
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
30/06/2025
Last modified:
17/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap<br />
<br />
memtrace mmap issue has an out of bounds issue. This patch fixes the by<br />
checking that the requested mapping region size should stay within the<br />
allocated region size.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13 (including) | 5.15.186 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.142 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.94 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.34 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/620b77b23c41a6546e5548ffe2ea3ad71880dde4
- https://git.kernel.org/stable/c/81260c41b518b6f32c701425f1427562fa92f293
- https://git.kernel.org/stable/c/8635e325b85dfb9ddebdfaa6b5605d40d16cd147
- https://git.kernel.org/stable/c/9c340b56d60545e4a159e41523dd8b23f81d3261
- https://git.kernel.org/stable/c/bbd5a9ddb0f9750783a48a871c9e12c0b68c5f39
- https://git.kernel.org/stable/c/cd097df4596f3a1e9d75eb8520162de1eb8485b2
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html