CVE-2025-38077

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow. Add a check for an empty string. Found by Linux Verification Center (linuxtesting.org) with SVACE.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3
https://git.kernel.org/stable/c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5
https://git.kernel.org/stable/c/f86465626917df3b8bdd2756ec0cc9d179c5af0f
https://git.kernel.org/stable/c/8594a123cfa23d708582dc6fb36da34479ef8a5b
https://git.kernel.org/stable/c/97066373ffd55bd9af0b512ff3dd1f647620a3dc
https://git.kernel.org/stable/c/4e89a4077490f52cde652d17e32519b666abf3a6

Frequently Asked Questions

What is the severity of CVE-2025-38077?
CVE-2025-38077 has not yet been assigned a CVSS score.
How to fix CVE-2025-38077?
To fix CVE-2025-38077, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38077 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38077 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38077?
CVE-2025-38077 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.