Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2025-38077

CVE-2025-38077

HIGH7.8

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

Published Jun 18, 2025

Modified 5 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.

Add a check for an empty string.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

WEB

https://git.kernel.org/stable/c/4e89a4077490f52cde652d17e32519b666abf3a6

WEB

https://git.kernel.org/stable/c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5

WEB

https://git.kernel.org/stable/c/8594a123cfa23d708582dc6fb36da34479ef8a5b

WEB

https://git.kernel.org/stable/c/97066373ffd55bd9af0b512ff3dd1f647620a3dc

WEB

https://git.kernel.org/stable/c/f86465626917df3b8bdd2756ec0cc9d179c5af0f

WEB

https://git.kernel.org/stable/c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3

WEB

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-38077

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJun 18, 2025

ModifiedNov 3, 2025

CVE-2025-38077 | Mondoo Vulnerability Intelligence