Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2025-38395— regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods

AI Predicted 4.4 Difficulty: Hard EPSS 0.16% · P6

Possible ATT&CK Techniques 1AI

T1135 · Network Share Discovery

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinuxd6cd33ad71029a3f77ba1686caf55d4dea58d916< a3cd5ae7befbac849e0e0529c94ca04e8093cfd2affected
d6cd33ad71029a3f77ba1686caf55d4dea58d916< 9fe71972869faed1f8f9b3beb9040f9c1b300c79affected
d6cd33ad71029a3f77ba1686caf55d4dea58d916< 56738cbac3bbb1d39a71a07f57484dec1db8b239affected
d6cd33ad71029a3f77ba1686caf55d4dea58d916< a1e12fac214d4f49fcb186dbdf9c5592e7fa0a7aaffected
d6cd33ad71029a3f77ba1686caf55d4dea58d916< 24418bc77a66cb5be9f5a837431ba3674ed8b52faffected
d6cd33ad71029a3f77ba1686caf55d4dea58d916< e4d19e5d71b217940e33f2ef6c6962b7b68c5606affected
d6cd33ad71029a3f77ba1686caf55d4dea58d916< 3830ab97cda9599872625cc0dc7b00160193634faffected
d6cd33ad71029a3f77ba1686caf55d4dea58d916< c9764fd88bc744592b0604ccb6b6fc1a5f76b4e3affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-38395

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later in the code if 'config::ngpios' is > 1. So fix the code to allocate enough memory to hold 'config::ngpios' of GPIO descriptors. While at it, also move the check for memory allocation failure to be below the allocation to make it more readable.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于gpiods数组分配不足可能导致越界访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux d6cd33ad71029a3f77ba1686caf55d4dea58d916 ~ a3cd5ae7befbac849e0e0529c94ca04e8093cfd2 -
LinuxLinux 5.1 -

II. Public POCs for CVE-2025-38395

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-38395

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-07-25 · 114 CVEs total

CVE-2025-38426drm/amdgpu: Add basic validation for RAS header
CVE-2025-38440net/mlx5e: Fix race between DIM disable and net_dim()
CVE-2025-38438ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
CVE-2025-38437ksmbd: fix potential use-after-free in oplock/lease break ack
CVE-2025-38436drm/scheduler: signal scheduled fence when kill job
CVE-2025-38435riscv: vector: Fix context save/restore with xtheadvector
CVE-2025-38434Revert "riscv: Define TASK_SIZE_MAX for __access_ok()"
CVE-2025-38433riscv: fix runtime constant support for nommu kernels
CVE-2025-38432net: netpoll: Initialize UDP checksum field before checksumming
CVE-2025-38431smb: client: fix regression with native SMB symlinks
CVE-2025-38430nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
CVE-2025-38429bus: mhi: ep: Update read pointer only after buffer is written
CVE-2025-38428Input: ims-pcu - check record size in ims_pcu_flash_firmware()
CVE-2025-38427video: screen_info: Relocate framebuffers behind PCI bridges
CVE-2025-38425i2c: tegra: check msg length in SMBUS block read
CVE-2025-38414wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850
CVE-2025-38417ice: fix eswitch code memory leak in reset scenario
CVE-2025-38416NFC: nci: uart: Set tty->disc_data only in success path
CVE-2025-38415Squashfs: check return result of sb_min_blocksize
CVE-2025-38418remoteproc: core: Release rproc->clean_table after rproc_attach() fails

Showing top 20 of 114 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2025-38395

No comments yet


Leave a comment