{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38412", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.013Z", "datePublished": "2025-07-25T13:20:16.688Z", "dateUpdated": "2025-11-03T17:37:44.050Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T04:21:25.343Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h", "drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/sysman.c"], "versions": [{"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "92c2d914b5337431d885597a79a3a3d9d55e80b7", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "68e9963583d11963ceca5d276e9c44684509f759", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "0deb3eb78ebf225cb41aa9b2b2150f46cbfd359e", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "5df3b870bc389a1767c72448a3ce1c576ef4deab", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "aaf847dcb4114fe8b25d4c1c790bedcb6088cb3d", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "eb617dd25ca176f3fee24f873f0fd60010773d67", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h", "drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c", "drivers/platform/x86/dell/dell-wmi-sysman/sysman.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.187", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.144", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.97", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.37", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.6", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.187"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.1.144"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.6.97"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.12.37"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.15.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/92c2d914b5337431d885597a79a3a3d9d55e80b7"}, {"url": "https://git.kernel.org/stable/c/68e9963583d11963ceca5d276e9c44684509f759"}, {"url": "https://git.kernel.org/stable/c/0deb3eb78ebf225cb41aa9b2b2150f46cbfd359e"}, {"url": "https://git.kernel.org/stable/c/5df3b870bc389a1767c72448a3ce1c576ef4deab"}, {"url": "https://git.kernel.org/stable/c/aaf847dcb4114fe8b25d4c1c790bedcb6088cb3d"}, {"url": "https://git.kernel.org/stable/c/eb617dd25ca176f3fee24f873f0fd60010773d67"}], "title": "platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:37:44.050Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BD28D29-423C-4173-9DB8-3BA14E9F665D", "versionEndExcluding": "5.15.187", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "81CF08DB-B7A2-4556-8AE3-ED9144F50E31", "versionEndExcluding": "6.1.144", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB1BB991-B903-4718-966C-07C803CBEABC", "versionEndExcluding": "6.6.97", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B4159AA-C70D-4DE5-9EE2-8F2728F13C5D", "versionEndExcluding": "6.12.37", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E0BB4E0-44BC-4645-83A8-6EA232CE624C", "versionEndExcluding": "6.15.6", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*", "matchCriteriaId": "A0517869-312D-4429-80C2-561086E1421C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: plataforma/x86: dell-wmi-sysman: reparar la recuperaci\u00f3n de bloques de datos WMI en devoluciones de llamadas sysfs Despu\u00e9s de recuperar bloques de datos WMI en devoluciones de llamadas sysfs, verifique su validez antes de desreferenciar su contenido."}], "id": "CVE-2025-38412", "lastModified": "2025-12-23T18:47:19.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-25T14:15:32.903", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0deb3eb78ebf225cb41aa9b2b2150f46cbfd359e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5df3b870bc389a1767c72448a3ce1c576ef4deab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/68e9963583d11963ceca5d276e9c44684509f759"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/92c2d914b5337431d885597a79a3a3d9d55e80b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aaf847dcb4114fe8b25d4c1c790bedcb6088cb3d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eb617dd25ca176f3fee24f873f0fd60010773d67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks", "id": "2383398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383398"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content."], "name": "CVE-2025-38412", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38412\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38412\nhttps://lore.kernel.org/linux-cve-announce/2025072521-CVE-2025-38412-2ccc@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-26T11:22:10.868591+00:00", "updated": "2025-07-26T11:22:10.868670+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}