CVE-2025-38395
Published: Jul 25, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later in the code if 'config::ngpios' is > 1. So fix the code to allocate enough memory to hold 'config::ngpios' of GPIO descriptors. While at it, also move the check for memory allocation failure to be below the allocation to make it more readable.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d6cd33ad71029a3f77ba1686caf55d4dea58d916 - < a3cd5ae7befbac849e0e0529c94ca04e8093cfd2affected d6cd33ad71029a3f77ba1686caf55d4dea58d916 - < 9fe71972869faed1f8f9b3beb9040f9c1b300c79affected d6cd33ad71029a3f77ba1686caf55d4dea58d916 - < 56738cbac3bbb1d39a71a07f57484dec1db8b239affected d6cd33ad71029a3f77ba1686caf55d4dea58d916 - < a1e12fac214d4f49fcb186dbdf9c5592e7fa0a7aaffected d6cd33ad71029a3f77ba1686caf55d4dea58d916 - < 24418bc77a66cb5be9f5a837431ba3674ed8b52f+3 more versions |
Linux | Linux | affected 5.1unaffected 0 - < 5.1unaffected 5.4.296 - <= 5.4.*unaffected 5.10.240 - <= 5.10.*unaffected 5.15.187 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now