{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38395","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.011Z","datePublished":"2025-07-25T12:53:39.933Z","dateUpdated":"2026-05-11T21:27:09.277Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:27:09.277Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if 'config::ngpios' is > 1. So\nfix the code to allocate enough memory to hold 'config::ngpios' of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/regulator/gpio-regulator.c"],"versions":[{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"a3cd5ae7befbac849e0e0529c94ca04e8093cfd2","status":"affected","versionType":"git"},{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"9fe71972869faed1f8f9b3beb9040f9c1b300c79","status":"affected","versionType":"git"},{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"56738cbac3bbb1d39a71a07f57484dec1db8b239","status":"affected","versionType":"git"},{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"a1e12fac214d4f49fcb186dbdf9c5592e7fa0a7a","status":"affected","versionType":"git"},{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"24418bc77a66cb5be9f5a837431ba3674ed8b52f","status":"affected","versionType":"git"},{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"e4d19e5d71b217940e33f2ef6c6962b7b68c5606","status":"affected","versionType":"git"},{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"3830ab97cda9599872625cc0dc7b00160193634f","status":"affected","versionType":"git"},{"version":"d6cd33ad71029a3f77ba1686caf55d4dea58d916","lessThan":"c9764fd88bc744592b0604ccb6b6fc1a5f76b4e3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/regulator/gpio-regulator.c"],"versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","status":"unaffected","versionType":"semver"},{"version":"5.4.296","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.240","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.187","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.144","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.97","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.37","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.6","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.4.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.10.240"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.15.187"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.1.144"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.6.97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.12.37"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.15.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a3cd5ae7befbac849e0e0529c94ca04e8093cfd2"},{"url":"https://git.kernel.org/stable/c/9fe71972869faed1f8f9b3beb9040f9c1b300c79"},{"url":"https://git.kernel.org/stable/c/56738cbac3bbb1d39a71a07f57484dec1db8b239"},{"url":"https://git.kernel.org/stable/c/a1e12fac214d4f49fcb186dbdf9c5592e7fa0a7a"},{"url":"https://git.kernel.org/stable/c/24418bc77a66cb5be9f5a837431ba3674ed8b52f"},{"url":"https://git.kernel.org/stable/c/e4d19e5d71b217940e33f2ef6c6962b7b68c5606"},{"url":"https://git.kernel.org/stable/c/3830ab97cda9599872625cc0dc7b00160193634f"},{"url":"https://git.kernel.org/stable/c/c9764fd88bc744592b0604ccb6b6fc1a5f76b4e3"}],"title":"regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:37:28.806Z"}}]}}