CVE-2025-38090 – Linux Kernel Rapidio Heap Overwrite Vulnerability

June 30, 2025

CVE ID : CVE-2025-38090

Published : June 30, 2025, 8:15 a.m. | 1 hour, 46 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

drivers/rapidio/rio_cm.c: prevent possible heap overwrite

riocm_cdev_ioctl(RIO_CM_CHAN_SEND)
-> cm_chan_msg_send()
-> riocm_ch_send()

cm_chan_msg_send() checks that userspace didn’t send too much data but
riocm_ch_send() failed to check that userspace sent sufficient data. The
result is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr
which were outside the bounds of the space which cm_chan_msg_send()
allocated.

Address this by teaching riocm_ch_send() to check that the entire
rio_ch_chan_hdr was copied in from userspace.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6897 – D-Link DI-7300G+ HTTPD Debug ASP OS Command Injection Vulnerability

Next Article CVE-2025-38087 – Linux Kernel Taprio Use-After-Free Vulnerability

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-38090 – Linux Kernel Rapidio Heap Overwrite Vulnerability

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

CVE-2025-5937 – WordPress MicroPayments Fans Paysite CSRF Vulnerability

Implement WCAG Rules in Your Infographics

Irasema Fernandez Leverages Marketing Expertise to Grow Latin America Experience Design Practice

How to Create Accessible and User-Friendly Forms in React

This would be my favorite wireless controller of all time if it wasn’t STILL wired-only on Xbox — but that could actually change

You should probably delete any sensitive screenshots you have in your phone right now. Here’s why

Windows 11 KB5055523 install fails, Windows Hello not working (April 2025 Update issues)

The best VPN services for iPad in 2025: Expert tested and reviewed

CVE-2025-38090 – Linux Kernel Rapidio Heap Overwrite Vulnerability

Related Posts