#VU113332 Buffer overflow in Linux kernel - CVE-2025-38396
Published: July 27, 2025
Vulnerability identifier: #VU113332
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38396
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the secretmem_file_create() function in mm/secretmem.c, within the anon_inode_make_secure_inode() and __anon_inode_getfile() functions in fs/anon_inodes.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/66d29d757c968d2bee9124816da5d718eb352959
- https://git.kernel.org/stable/c/6ca45ea48530332a4ba09595767bd26d3232743b
- https://git.kernel.org/stable/c/cbe4134ea4bc493239786220bd69cb8a13493190
- https://git.kernel.org/stable/c/e3eed01347721cd7a8819568161c91d538fbf229
- https://git.kernel.org/stable/c/f94c422157f3e43dd31990567b3e5d54b3e5b32b