CVE-2025-38332
published 2025-07-10CVE-2025-38332: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Use memcpy() for BIOS version
The strlcat() with FORTIFY support is triggering a panic because it
thinks the target buffer will overflow although the correct target
buffer size is passed in.
Anyway, instead of memset() with 0 followed by a strlcat(), just use
memcpy() and ensure that the resulting buffer is NULL terminated.
BIOSVersion is only used for the lpfc_printf_log() which expects a
properly terminated string.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d | ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < b699bda5db818b684ff62d140defd6394f38f3d6 | b699bda5db818b684ff62d140defd6394f38f3d6 |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < d34f2384d6df11a6c67039b612c2437f46e587e8 | d34f2384d6df11a6c67039b612c2437f46e587e8 |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < 75ea8375c5a83f46c47bfb3de6217c7589a8df93 | 75ea8375c5a83f46c47bfb3de6217c7589a8df93 |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < 34c0a670556b24d36c9f8934227edb819ca5609e | 34c0a670556b24d36c9f8934227edb819ca5609e |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < 2f63bf0d2b146956a2f2ff3b25cee71019e64561 | 2f63bf0d2b146956a2f2ff3b25cee71019e64561 |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < 003baa7a1a152576d744bd655820449bbdb0248e | 003baa7a1a152576d744bd655820449bbdb0248e |
| linux | linux | >= b3b4f3e1d575fe142fd437158425c2359b695ff1 < ae82eaf4aeea060bb736c3e20c0568b67c701d7d | ae82eaf4aeea060bb736c3e20c0568b67c701d7d |
| linux | linux_kernel | < 5.4.295 | 5.4.295 |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.11 < 5.15.186 | 5.15.186 |
| linux | linux_kernel | >= 5.16 < 6.1.142 | 6.1.142 |
| linux | linux_kernel | >= 5.5 < 5.10.239 | 5.10.239 |
| linux | linux_kernel | >= 6.13 < 6.15.4 | 6.15.4 |
| linux | linux_kernel | >= 6.2 < 6.6.95 | 6.6.95 |
| linux | linux_kernel | >= 6.7 < 6.12.35 | 6.12.35 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.6MEDIUM