Description

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo.

INFO

Published Date :

2025-06-18T09:33:46.125Z

Last Modified :

2026-01-02T15:29:57.023Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38068 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38068.

URL Resource
https://git.kernel.org/stable/c/0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a cve-icon cve-icon
https://git.kernel.org/stable/c/167373d77c70c2b558aae3e327b115249bb2652c cve-icon cve-icon
https://git.kernel.org/stable/c/4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111 cve-icon cve-icon
https://git.kernel.org/stable/c/7caad075acb634a74911830d6386c50ea12566cd cve-icon cve-icon
https://git.kernel.org/stable/c/a98bd864e16f91c70b2469adf013d713d04d1d13 cve-icon cve-icon
https://git.kernel.org/stable/c/cc47f07234f72cbd8e2c973cdbf2a6730660a463 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025061837-CVE-2025-38068-02a8@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38068 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38068 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact