CVE-2025-38317Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow19 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 10
Latest updateDec 3

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption. Fortunately, this is debugfs so it's limited to root users.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel6.116.12.34+1
Debianlinux/linux_kernel< 6.12.35-1+1
CVEListV5linux/linux3f73c24f28b317f22df7870c25ff82f1d625c6c20c57aa8ef94cffc5c2d68230e19329a03e71a94f+3
debiandebian/linux< linux 6.12.35-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities2025-12-03
OSV
linux-raspi vulnerabilities2025-10-08
OSV
linux-oracle-6.14 vulnerabilities2025-10-01
OSV
linux-aws-6.14, linux-hwe-6.14 vulnerabilities2025-09-26
OSV
linux-realtime-6.14 vulnerabilities2025-09-24

📋Vendor Advisories

9
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-01
Ubuntu
Linux kernel vulnerabilities2025-09-26
Ubuntu
Linux kernel vulnerabilities2025-09-25
Ubuntu
Linux kernel (OEM) vulnerabilities2025-09-24
CVE-2025-38317 — Out-of-bounds Write in Linux | cvebase