CVE-2025-38077

Summary

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.

Add a check for an empty string.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe8a60aa7404bfef37705da5607c97737073ac38d < fb7cde625872709b8cedad9b241e0ec3d82fa7d3affected
LinuxLinuxe8a60aa7404bfef37705da5607c97737073ac38d < 60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5affected
LinuxLinuxe8a60aa7404bfef37705da5607c97737073ac38d < f86465626917df3b8bdd2756ec0cc9d179c5af0faffected
LinuxLinuxe8a60aa7404bfef37705da5607c97737073ac38d < 8594a123cfa23d708582dc6fb36da34479ef8a5baffected
LinuxLinuxe8a60aa7404bfef37705da5607c97737073ac38d < 97066373ffd55bd9af0b512ff3dd1f647620a3dcaffected
LinuxLinuxe8a60aa7404bfef37705da5607c97737073ac38d < 4e89a4077490f52cde652d17e32519b666abf3a6affected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.15.185 <= 5.15.*unaffected
LinuxLinux6.1.141 <= 6.1.*unaffected
LinuxLinux6.6.93 <= 6.6.*unaffected
LinuxLinux6.12.31 <= 6.12.*unaffected
LinuxLinux6.14.9 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References