CVE-2025-38456

{"id": "CVE-2025-38456", "cveTags": [], "metrics": {}, "published": "2025-07-25T16:15:31.283", "references": [{"url": "https://git.kernel.org/stable/c/7c1a6ddb99858e7d68961f74ae27caeeeca67b6a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9e0d33e75c1604c3fad5586ad4dfa3b2695a3950", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cbc1670297f675854e982d23c8583900ff0cc67a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e2d5c005dfc96fe857676d1d8ac46b29275cb89b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fa332f5dc6fc662ad7d3200048772c96b861cf6b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:msghandler: Fix potential memory corruption in ipmi_create_user()\n\nThe \"intf\" list iterator is an invalid pointer if the correct\n\"intf->intf_num\" is not found. Calling atomic_dec(&intf->nr_users) on\nand invalid pointer will lead to memory corruption.\n\nWe don't really need to call atomic_dec() if we haven't called\natomic_add_return() so update the if (intf->in_shutdown) path as well."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipmi:msghandler: Se corrige una posible corrupci\u00f3n de memoria en ipmi_create_user(). El iterador de lista \"intf\" es un puntero no v\u00e1lido si no se encuentra el valor correcto \"intf->intf_num\". Llamar a atomic_dec(&intf->nr_users) en un puntero no v\u00e1lido provocar\u00e1 corrupci\u00f3n de memoria. No es necesario llamar a atomic_dec() si no se ha llamado a atomic_add_return(), as\u00ed que actualice tambi\u00e9n la ruta if (intf->in_shutdown)."}], "lastModified": "2025-07-29T14:14:55.157", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}