Acknowledged
Created: Jun 19, 2025
Updated: Jun 20, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

crypto: lzo - Fix compression buffer overrun

Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller.

Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo.
CREATE(Triage):(User=lchen-cn) CVE-2025-38068 (https://nvd.nist.gov/vuln/detail/CVE-2025-38068)
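The pattern the fix describes, as an added example that is not the kernel's LZO code: a toy run-length encoder stands in for LZO, with a compressor that ignores the output length beside one that checks for the end of the buffer before writing. All function names and the error code are hypothetical.

```c
#include <stddef.h>

#define RLE_OK 0
#define RLE_E_OUTPUT_OVERRUN (-1)   /* hypothetical error code */

/* Length of the run of identical bytes starting at in[i], capped at 255. */
static size_t run_at(const unsigned char *in, size_t in_len, size_t i)
{
    size_t run = 1;
    while (i + run < in_len && in[i + run] == in[i] && run < 255)
        run++;
    return run;
}

/* "Before" pattern: trusts the caller to have sized out[] for the worst
 * case (2 * in_len for this toy format) and never sees a buffer length. */
size_t rle_compress_unchecked(const unsigned char *in, size_t in_len,
                              unsigned char *out)
{
    unsigned char *op = out;
    for (size_t i = 0; i < in_len; ) {
        size_t run = run_at(in, in_len, i);
        *op++ = (unsigned char)run;   /* no end-of-buffer check */
        *op++ = in[i];
        i += run;
    }
    return (size_t)(op - out);
}

/* "After" pattern: *out_len carries the capacity in and the compressed
 * size out; each (count, byte) write is preceded by a bounds check. */
int rle_compress_safe(const unsigned char *in, size_t in_len,
                      unsigned char *out, size_t *out_len)
{
    unsigned char *op = out;
    const unsigned char *op_end = out + *out_len;
    for (size_t i = 0; i < in_len; ) {
        size_t run = run_at(in, in_len, i);
        if ((size_t)(op_end - op) < 2)
            return RLE_E_OUTPUT_OVERRUN;  /* fail instead of overrunning */
        *op++ = (unsigned char)run;
        *op++ = in[i];
        i += run;
    }
    *out_len = (size_t)(op - out);
    return RLE_OK;
}
```

Incompressible input is the case that matters: it expands, so a caller that sized the output buffer to the input length is only protected by the checked variant.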