CVE-2025-38090 – Linux Kernel Rapidio Heap Overwrite Vulnerability

June 30, 2025

CVE ID : CVE-2025-38090

Published : June 30, 2025, 8:15 a.m. | 1 hour, 46 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

drivers/rapidio/rio_cm.c: prevent possible heap overwrite

riocm_cdev_ioctl(RIO_CM_CHAN_SEND)
-> cm_chan_msg_send()
-> riocm_ch_send()

cm_chan_msg_send() checks that userspace didn’t send too much data but
riocm_ch_send() failed to check that userspace sent sufficient data. The
result is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr
which were outside the bounds of the space which cm_chan_msg_send()
allocated.

Address this by teaching riocm_ch_send() to check that the entire
rio_ch_chan_hdr was copied in from userspace.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6897 – D-Link DI-7300G+ HTTPD Debug ASP OS Command Injection Vulnerability

Next Article CVE-2025-38087 – Linux Kernel Taprio Use-After-Free Vulnerability

Highlights

CVE-2025-32952 – Jmix File Size Limitation Dos

April 22, 2025

CVE ID : CVE-2025-32952

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-38090 – Linux Kernel Rapidio Heap Overwrite Vulnerability

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

Cyber Brief 25-07 – June 2025

CVE-2025-53416 – CVE-2022-22954 Apache HTTP Server Remote Code Execution

LaZagne – credentials recovery project

CVE-2025-46740 – Adobe Acrobat Account Name Manipulation Vulnerability

Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks

CVE-2025-32952 – Jmix File Size Limitation Dos

CVE-2025-2492: Critical ASUS Router Vulnerability Requires Immediate Firmware Update

Perficient Wins 2025 Delivery Award at Appian World for Second Consecutive Year

NVIDIA Fixes High-Severity Vulnerability in TensorRT-LLM

CVE-2025-38090 – Linux Kernel Rapidio Heap Overwrite Vulnerability

Related Posts