216.73.217.176

CVE-2025-38090

· Published 30/06/2025 08:15 · Modified 30/06/2025 18:38

Labels: CVE-2025-38090 2025-06-30416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2025-38090

Essential information

Published
30/06/2025 08:15
Modified
30/06/2025 18:38
Author
Creator
CISA KEV
No
CWE

Description

In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevent possible heap overwrite In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much data but riocm_ch_send() failed to check that userspace sent sufficient data. The result is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr which were outside the bounds of the space which cm_chan_msg_send() allocated. Address this by teaching riocm_ch_send() to check that the entire rio_ch_chan_hdr was copied in from userspace.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References