CVE-2025-38267Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-821Incorrect Synchronization19 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 10
Latest updateDec 3

Description

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer (the buffer that is currently being written to) it was assumed that it should never have missed events. If it does, it triggers a WARN_ON_ONCE(). But there just happens to be one scenario where t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel6.106.12.34+1
Debianlinux/linux_kernel< 6.12.35-1+1
debiandebian/linux< linux 6.12.35-1 (forky)
CVEListV5linux/linuxfe832be05a8eee5f1488cbcc2c562dd82d079fd6b8df8cb8f7eef52baa9ac5bf36a405ca67945a91+3

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities2025-12-03
OSV
linux-raspi vulnerabilities2025-10-08
OSV
linux-oracle-6.14 vulnerabilities2025-10-01
OSV
linux-aws-6.14, linux-hwe-6.14 vulnerabilities2025-09-26
OSV
linux-realtime-6.14 vulnerabilities2025-09-24

📋Vendor Advisories

9
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-01
Ubuntu
Linux kernel vulnerabilities2025-09-26
Ubuntu
Linux kernel vulnerabilities2025-09-25
Ubuntu
Linux kernel (OEM) vulnerabilities2025-09-24
CVE-2025-38267 — Out-of-bounds Write in Linux | cvebase