ГлавнаяУязвимости → CVE-2025-38395
7.1высокая

CVE-2025-38395

→ есть в БДУ: BDU:2025-11113 (на русском)
Описание (на английском; русское — в БДУ выше)

In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later in the code if 'config::ngpios' is > 1. So fix the code to allocate enough memory to hold 'config::ngpios' of GPIO descriptors. While at it, also move the check for memory allocation failure to be below the allocation to make it more readable.

Затрагиваемое ПО
Linux Linux kernelDebian Debian linux
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Источники
https://git.kernel.org/stable/c/24418bc77a66cb5be9f5a837431ba3674ed8b52fhttps://git.kernel.org/stable/c/3830ab97cda9599872625cc0dc7b00160193634fhttps://git.kernel.org/stable/c/56738cbac3bbb1d39a71a07f57484dec1db8b239https://git.kernel.org/stable/c/9fe71972869faed1f8f9b3beb9040f9c1b300c79https://git.kernel.org/stable/c/a1e12fac214d4f49fcb186dbdf9c5592e7fa0a7ahttps://git.kernel.org/stable/c/a3cd5ae7befbac849e0e0529c94ca04e8093cfd2https://git.kernel.org/stable/c/c9764fd88bc744592b0604ccb6b6fc1a5f76b4e3https://git.kernel.org/stable/c/e4d19e5d71b217940e33f2ef6c6962b7b68c5606