SB20250620193 - Buffer overflow in Linux kernel crypto
Published: June 20, 2025
Security Bulletin ID
SB20250620193
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2025-38068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a
- https://git.kernel.org/stable/c/167373d77c70c2b558aae3e327b115249bb2652c
- https://git.kernel.org/stable/c/4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111
- https://git.kernel.org/stable/c/7caad075acb634a74911830d6386c50ea12566cd
- https://git.kernel.org/stable/c/a98bd864e16f91c70b2469adf013d713d04d1d13
- https://git.kernel.org/stable/c/cc47f07234f72cbd8e2c973cdbf2a6730660a463