Acknowledged
Created: Jul 28, 2025
Updated: Jul 29, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]Input: ims-pcu - check record size in ims_pcu_flash_firmware()[EOL][EOL]The "len" variable comes from the firmware and we generally do[EOL]trust firmware, but it's always better to double check. If the "len"[EOL]is too large it could result in memory corruption when we do[EOL]"memcpy(fragment->data, rec->data, len);"
CREATE(Triage):(User=admin) [CVE-2025-38428 (https://nvd.nist.gov/vuln/detail/CVE-2025-38428)
