#VU112823 Buffer overflow in Linux kernel - CVE-2025-38257
Published: July 11, 2025
Vulnerability identifier: #VU112823
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38257
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the _copy_apqns_from_user() function in drivers/s390/crypto/pkey_api.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/73483ca7e07a5e39bdf612eec9d3d293e8bef649
- https://git.kernel.org/stable/c/7360ee47599af91a1d5f4e74d635d9408a54e489
- https://git.kernel.org/stable/c/88f3869649edbc4a13f6c2877091f81cd5a50f05
- https://git.kernel.org/stable/c/ad1bdd24a02d5a8d119af8e4cd50933780a6d29f
- https://git.kernel.org/stable/c/f855b119e62b004a5044ed565f2a2b368c4d3f16
- https://git.kernel.org/stable/c/faa1ab4a23c42e34dc000ef4977b751d94d5148c