CVE-2025-38332
Published: Jul 10, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Use memcpy() for BIOS version

The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in.

Anyway, instead of memset() with 0 followed by a strlcat(), just use memcpy() and ensure that the resulting buffer is NULL terminated.

BIOSVersion is only used for the lpfc_printf_log() which expects a properly terminated string.
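The pattern the fix describes, as an added userspace example (not the lpfc driver's code): a bounded memcpy() followed by explicit termination, so the string handed to a logging call is always terminated. The function name, buffer sizes and sample field contents are assumptions constructed for illustration, and the example goes slightly beyond the description by also covering a source field that carries no terminator and a destination smaller than the source.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for illustration; not the lpfc driver's definitions. */
#define FW_FIELD_LEN    16                  /* fixed-width field, may lack a NUL */
#define VERSION_BUF_LEN (FW_FIELD_LEN + 1)  /* room for field plus terminator */

/*
 * Copy a fixed-width field into dst and always terminate the result.
 * Reads at most src_len bytes from src and writes at most dst_len bytes
 * to dst, so neither buffer is overrun even when src has no terminator.
 * Returns the length of the resulting string (0 if dst_len is 0).
 */
size_t copy_fixed_field(char *dst, size_t dst_len,
                        const char *src, size_t src_len)
{
    size_t n;

    if (dst_len == 0)
        return 0;

    /* Bound the copy by both buffers, leaving one byte for the terminator. */
    n = src_len < dst_len - 1 ? src_len : dst_len - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';

    /* A zero-padded field ends earlier than n; report the real length. */
    return strlen(dst);
}

int main(void)
{
    char field[FW_FIELD_LEN];       /* constructed sample input */
    char version[VERSION_BUF_LEN];
    size_t len;

    /* Worst case: every byte of the field is used, no terminator present. */
    memset(field, 'A', sizeof(field));
    len = copy_fixed_field(version, sizeof(version), field, sizeof(field));
    printf("version=\"%s\" (len %zu)\n", version, len);
    return 0;
}
```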
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected b3b4f3e1d575fe142fd437158425c2359b695ff1 - < ac7bfaa099ec3e4d7dfd0ab9726fc3bc7911365d; affected b3b4f3e1d575fe142fd437158425c2359b695ff1 - < b699bda5db818b684ff62d140defd6394f38f3d6; affected b3b4f3e1d575fe142fd437158425c2359b695ff1 - < d34f2384d6df11a6c67039b612c2437f46e587e8; affected b3b4f3e1d575fe142fd437158425c2359b695ff1 - < 75ea8375c5a83f46c47bfb3de6217c7589a8df93; affected b3b4f3e1d575fe142fd437158425c2359b695ff1 - < 34c0a670556b24d36c9f8934227edb819ca5609e; +3 more versions |
| Linux | Linux | affected 5.2; unaffected 0 - < 5.2; unaffected 5.4.295 - <= 5.4.*; unaffected 5.10.239 - <= 5.10.*; unaffected 5.15.186 - <= 5.15.*; +5 more versions |
References