#VU107791 Buffer overflow in Linux kernel - CVE-2025-22082


Updated: 2025-05-10

Vulnerability identifier: #VU107791

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22082

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption in the iio_backend_debugfs_write_reg() function in drivers/iio/industrialio-backend.c. A local user can use this flaw to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.14, 6.14.1


External links
https://git.kernel.org/stable/c/035b4989211dc1c8626e186d655ae8ca5141bb73
https://git.kernel.org/stable/c/04271a4d2740f98bbe36f82cd3d74677a839d1eb
https://git.kernel.org/stable/c/df3892e5e861c43d5612728ed259634675b8a71f
https://git.kernel.org/stable/c/fd791c81f410ab1c554686a6f486dc7a176dfe35
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

