{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38676", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.031Z", "datePublished": "2025-08-26T13:07:48.761Z", "dateUpdated": "2025-11-03T17:40:59.770Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-29T05:55:46.029Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Avoid stack buffer overflow from kernel cmdline\n\nWhile the kernel command line is considered trusted in most environments,\navoid writing 1 byte past the end of \"acpiid\" if the \"str\" argument is\nmaximum length."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iommu/amd/init.c"], "versions": [{"version": "f2a5ec7f7b28f9b9cd5fac232ff51019a7f7b9e9", "lessThan": "a732502bf3bbe859613b6d7b2b0313b11f0474ac", "status": "affected", "versionType": "git"}, {"version": "c513043e0afe6a8ba79d00af358655afabb576d2", "lessThan": "0ad8509b468fa1058f4f400a1829f29e4ccc4de8", "status": "affected", "versionType": "git"}, {"version": "2ae19ac3ea82a5b87a81c10adbb497c9e58bdd60", "lessThan": "9ff52d3af0ef286535749e14e3fe9eceb39a8349", "status": "affected", "versionType": "git"}, {"version": "b6b26d86c61c441144c72f842f7469bb686e1211", "lessThan": "8f80c633cba144f721d38d9380f23d23ab7db10e", "status": "affected", "versionType": "git"}, {"version": "b6b26d86c61c441144c72f842f7469bb686e1211", "lessThan": "4bdb0f78bddbfa77d3ab458a21dd9cec495d317a", "status": "affected", "versionType": "git"}, {"version": "b6b26d86c61c441144c72f842f7469bb686e1211", "lessThan": "736db11c86f03e717fc4bf771d05efdf10d23acb", "status": "affected", "versionType": "git"}, {"version": "b6b26d86c61c441144c72f842f7469bb686e1211", "lessThan": "8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec", "status": "affected", "versionType": "git"}, {"version": "5e97dc748d13fad582136ba0c8cec215c7aeeb17", "status": "affected", "versionType": "git"}, {"version": "63cd11165e5e0ea2012254c764003eda1f9adb7d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iommu/amd/init.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.241", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.190", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.149", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.103", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.44", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.4", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.175", "versionEndExcluding": "5.10.241"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.103", "versionEndExcluding": "5.15.190"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.16", "versionEndExcluding": "6.1.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.6.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.12.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.16.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.237"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a732502bf3bbe859613b6d7b2b0313b11f0474ac"}, {"url": "https://git.kernel.org/stable/c/0ad8509b468fa1058f4f400a1829f29e4ccc4de8"}, {"url": "https://git.kernel.org/stable/c/9ff52d3af0ef286535749e14e3fe9eceb39a8349"}, {"url": "https://git.kernel.org/stable/c/8f80c633cba144f721d38d9380f23d23ab7db10e"}, {"url": "https://git.kernel.org/stable/c/4bdb0f78bddbfa77d3ab458a21dd9cec495d317a"}, {"url": "https://git.kernel.org/stable/c/736db11c86f03e717fc4bf771d05efdf10d23acb"}, {"url": "https://git.kernel.org/stable/c/8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec"}], "title": "iommu/amd: Avoid stack buffer overflow from kernel cmdline", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:40:59.770Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Avoid stack buffer overflow from kernel cmdline\n\nWhile the kernel command line is considered trusted in most environments,\navoid writing 1 byte past the end of \"acpiid\" if the \"str\" argument is\nmaximum length."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/amd: evitar el desbordamiento del b\u00fafer de pila desde la l\u00ednea de comandos del kernel. Si bien la l\u00ednea de comandos del kernel se considera confiable en la mayor\u00eda de los entornos, evite escribir 1 byte despu\u00e9s del final de \"acpiid\" si el argumento \"str\" tiene la longitud m\u00e1xima."}], "id": "CVE-2025-38676", "lastModified": "2025-11-03T18:16:34.147", "metrics": {}, "published": "2025-08-26T13:15:32.147", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0ad8509b468fa1058f4f400a1829f29e4ccc4de8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4bdb0f78bddbfa77d3ab458a21dd9cec495d317a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/736db11c86f03e717fc4bf771d05efdf10d23acb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8f80c633cba144f721d38d9380f23d23ab7db10e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9ff52d3af0ef286535749e14e3fe9eceb39a8349"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a732502bf3bbe859613b6d7b2b0313b11f0474ac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: iommu/amd: Avoid stack buffer overflow from kernel cmdline", "id": "2391033", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391033"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-805", "details": ["No description is available for this CVE."], "name": "CVE-2025-38676", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38676\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38676\nhttps://lore.kernel.org/linux-cve-announce/2025082627-CVE-2025-38676-326c@gregkh/T"], "statement": "This vulnerability could cause a one-byte stack buffer overflow when parsing the ivrs_acpihid kernel command-line parameter. The bug has been fixed by allocating space for the NULL terminator and tightening the length check. Since triggering this flaw requires controlling the kernel boot parameters, the privilege requirement is rated High (PR:H), meaning only an administrator or someone with equivalent system control could exploit it.", "threat_severity": "Moderate"}