# CVE-2025-38676 — Linux Kernel ≤ 6.17-rc2 (AMD IOMMU): stack buffer overflow during cmdline parsing
This repo provides **safe, non-exploit PoC resources** to study CVE-2025-38676:
- Info-gathering + safety tools
- QEMU boot harness to exercise **long kernel cmdline** permutations
- Hardening guidance (GRUB/UEFI/Secure Boot; baseline `/proc/cmdline`)
### Vulnerability summary
Upstream fix: *“iommu/amd: Avoid stack buffer overflow from kernel cmdline … avoid writing 1 byte past the end of 'acpiid' if the 'str' argument is maximum length.”*
**Scope:** kernels ≤ 6.17-rc2 (AMD IOMMU command-line parsing path). Distros are shipping patched kernels; check your running kernel against your distro's advisory rather than the upstream version number alone, since fixes are backported. Note the threat model: the upstream commit itself describes the kernel command line as trusted in most environments, so reaching this bug requires the ability to set boot parameters, which on a correctly configured host already means control of the bootloader, the firmware, or physical access. That is why the hardening guidance below centers on GRUB/UEFI/Secure Boot rather than on a runtime mitigation.
Sources: NVD, the SUSE security tracker, VulDB, and the upstream commit.
- NVD: description and fix note.
- SUSE: mirrors the upstream text.
- VulDB: lists affected versions up to 6.17-rc2 and rates the issue critical (VulDB's own rating; the bug is reachable only through the kernel command line).
- Commit ref (via cvefeed.io): `git.kernel.org/stable/c/8503d0fcb1086...`.
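To make the bug class concrete, here is an added illustrative example; it is not the kernel's code and not part of this repo's tools. A hypothetical parser for a `[bus:dev.fn]=ID` option copies the ID into a fixed-size buffer, and a length check that accepts a value exactly as long as the buffer lets the NUL terminator land one byte past its end, which is the shape described in the upstream fix note above. `ID_LEN`, `copy_id_buggy`, `copy_id_fixed`, `parse_option` and `probe` are all hypothetical names, the sample options are constructed, and the guard-byte probe is a test aid rather than anything the kernel does.

```c
/*
 * Added illustration of the bug class behind CVE-2025-38676.
 * This is NOT the kernel's code: ID_LEN, the option syntax and all
 * function names are hypothetical.
 *
 * Pattern: a value taken from a command-line option is copied into a
 * fixed-size buffer.  The length check accepts a value exactly as long
 * as the buffer, so the terminating NUL is written one byte past it.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN 8   /* hypothetical capacity of the id buffer, in bytes */

typedef int (*copy_fn_t)(char *dst, size_t cap, const char *val);

/* Buggy copy: the check lets strlen(val) == cap through, and the
 * terminator then lands at dst[cap], one byte past the buffer. */
static int copy_id_buggy(char *dst, size_t cap, const char *val)
{
    size_t n = strlen(val);

    if (n > cap)            /* off-by-one: leaves no room for the NUL */
        return -1;
    memcpy(dst, val, n);
    dst[n] = '\0';          /* n == cap writes past the end */
    return 0;
}

/* Fixed copy: a value must leave room for the terminator. */
static int copy_id_fixed(char *dst, size_t cap, const char *val)
{
    size_t n = strlen(val);

    if (n >= cap)
        return -1;
    memcpy(dst, val, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "[bus:dev.fn]=ID" and copy ID with the supplied copy routine.
 * Returns 0 on success, -1 if the option is malformed or rejected. */
static int parse_option(const char *str, unsigned *bus, unsigned *dev,
                        unsigned *fn, char *id, size_t cap, copy_fn_t copy)
{
    int consumed = 0;

    /* %n records how much of str the fixed prefix matched */
    if (sscanf(str, "[%x:%x.%x]=%n", bus, dev, fn, &consumed) != 3 ||
        consumed == 0)
        return -1;
    return copy(id, cap, str + consumed);
}

/* Test aid: parse into a region one byte larger than the advertised
 * capacity and report whether the byte after the buffer was touched.
 * Returns 1 if the parser wrote past the buffer, 0 if it stayed inside,
 * -1 if the option was rejected. */
static int probe(copy_fn_t copy, const char *opt)
{
    unsigned char region[ID_LEN + 1];   /* ID_LEN bytes + 1 guard byte */
    unsigned bus, dev, fn;

    memset(region, 0xAA, sizeof region);
    if (parse_option(opt, &bus, &dev, &fn, (char *)region, ID_LEN, copy) != 0)
        return -1;
    return region[ID_LEN] != 0xAA;
}

int main(void)
{
    /* Constructed sample options: IDs of 7, 8 and 9 characters against ID_LEN == 8 */
    const char *opts[] = {
        "[0:1.2]=ABCD123",
        "[0:1.2]=ABCD1234",
        "[0:1.2]=ABCD12345",
    };

    for (size_t i = 0; i < sizeof opts / sizeof opts[0]; i++)
        printf("%-20s buggy=%2d fixed=%2d\n", opts[i],
               probe(copy_id_buggy, opts[i]), probe(copy_id_fixed, opts[i]));
    return 0;
}
```

`probe()` hands the parser a region one byte larger than the advertised capacity and reports whether the byte after the buffer was touched, so the off-by-one is observable deterministically instead of depending on a stack canary or KASAN to notice it. Only the maximum-length value (8 characters here) triggers the stray write in the buggy version; the fixed version rejects that value outright. In a real kernel stack frame the same stray byte lands in whatever the compiler placed after the array, which is why the class is worth fixing even when the input is considered trusted.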
### Ethics & Safe-Use
No weaponized exploit code. The harness **only** varies cmdline length/shape and collects logs to confirm stability or crashes in **a closed VM**.
### Quick start
```bash
sudo apt-get install -y build-essential qemu-system-x86 gcc make cpio busybox
cd tools && ./build.sh # build cmdline checker
cd ../scripts && ./make_initramfs.sh # build tiny initramfs with busybox
./qemu_boot_example.sh # boot VM with safe long cmdline
```