{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T02:40:36.502","vulnerabilities":[{"cve":{"id":"CVE-2025-22104","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-16T15:16:04.733","lastModified":"2025-11-03T18:44:21.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n ibmvnic 30000003 env3: Login Buffer:\n ibmvnic 30000003 env3: 01000000af000000\n <...>\n ibmvnic 30000003 env3: 2e6d62692e736261\n ibmvnic 30000003 env3: 65050003006d6f63\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n <...>\n Allocated by task 17681:\n <...>\n ibmvnic_login+0x2f0/0xffc [ibmvnic]\n ibmvnic_open+0x148/0x308 [ibmvnic]\n __dev_open+0x1ac/0x304\n <...>\n The buggy address is located 168 bytes inside of\n allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n <...>\n =================================================================\n ibmvnic 30000003 env3: 000000000033766e"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ibmvnic: Uso de ayudantes del kernel para volcados hexadecimales. Anteriormente, cuando el controlador imprimía volcados hexadecimales, el búfer se convertía a una longitud de 8 bytes y se imprimía mediante formateadores de cadenas. Si el tamaño del búfer no era múltiplo de 8, era posible un desbordamiento del búfer de lectura. Por lo tanto, cree una nueva función ibmvnic que recorra un búfer y llame a hex_dump_to_buffer en su lugar. Este parche soluciona informes de KASAN como el siguiente: ibmvnic 30000003 env3: Login Buffer: ibmvnic 30000003 env3: 01000000af000000 <...> ibmvnic 30000003 env3: 2e6d62692e736261 ibmvnic 30000003 env3: 65050003006d6f63 ====================================================================== ERROR: KASAN: slab-out-of-bounds en ibmvnic_login+0xacc/0xffc [ibmvnic] Lectura de tamaño 8 en la dirección c0000001331a9aa8 por la tarea ip/17681 <...> Asignado por la tarea 17681: <...> ibmvnic_login+0x2f0/0xffc [ibmvnic] ibmvnic_open+0x148/0x308 [ibmvnic] __dev_open+0x1ac/0x304 <...> La dirección con errores se encuentra 168 bytes dentro de la región asignada de 175 bytes [c0000001331a9a00, c0000001331a9aaf) <...> ===================================================================== ibmvnic 30000003 env3: 00000000033766e"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"6.14.2","matchCriteriaId":"0F202EFC-B6A0-4764-A6E5-B68A0AFF331C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ae6b1d6c1acee3a2000394d83ec9f1028321e207","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d93a6caab5d7d9b5ce034d75b1e1e993338e3852","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}