CVE-2025-38027Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read42 documents7 sources
Severity
7.1HIGHNVD
OSV7.8OSV3.2
EPSS
0.0%
top 88.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJun 18
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using an array of struct of_regulator_match allocated on the stack for the matches argument. of_regulator_match() calls devm_of_regulator_put_matches(), which calls devres_alloc() to allocate a struct devm_of_regulator_matches which will be de-allocated using devm_of_regulator_put_matches(). struct devm_of_regulator_match

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

NVDlinux/linux_kernel5.176.1.140+4
Debianlinux/linux_kernel< 6.1.140-1+2
Ubuntulinux/linux_kernel< 6.8.0-100.100
CVEListV5linux/linuxbfff546aae50ae68ed395bf0e0848188d27b0ba36ba30f7aa2c550b2ac04f16b81a19a8c045b8660+5

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

22
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24
OSV
linux-xilinx vulnerabilities2026-02-24

📋Vendor Advisories

19
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-38027 — Out-of-bounds Read in Linux | cvebase