High severity7.8NVD Advisory· Published Aug 26, 2025· Updated May 12, 2026
CVE-2025-38676
CVE-2025-38676
Description
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Avoid stack buffer overflow from kernel cmdline
While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
120- osv-coords114 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 6.4.0-150600.23.73.1+ 113 more
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.8.52.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150600.23.73.1.150600.12.32.1
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.8.52.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.4.0-150600.8.52.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.8.52.1
- (no CPE)range: < 6.4.0-150700.20.15.2
- (no CPE)range: < 6.4.0-15061.32.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.32.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.73.1.150600.12.32.1
- (no CPE)range: < 6.4.0-150700.53.19.1.150700.17.13.1
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.4.0-35.1.21.12
- (no CPE)range: < 6.4.0-35.1.21.12
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 1-150600.1.3.1
- (no CPE)range: < 1-150600.13.3.1
- (no CPE)range: < 1-150700.1.3.1
- (no CPE)range: < 1-150700.15.3.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.4.0-37.1
- (no CPE)range: < 6.4.0-37.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.4.0-150700.7.19.1
- (no CPE)range: < 6.4.0-150600.8.52.1
- (no CPE)range: < 6.4.0-150700.20.15.2
- (no CPE)range: < 6.4.0-15061.32.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-37.1
- (no CPE)range: < 6.4.0-37.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.4.0-150700.7.19.1
- (no CPE)range: < 6.4.0-150600.8.52.1
- (no CPE)range: < 6.4.0-150700.20.15.1
- (no CPE)range: < 6.4.0-15061.32.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.4.0-150600.10.55.1
- (no CPE)range: < 6.4.0-150700.7.19.1
- (no CPE)range: < 6.4.0-150600.23.73.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
Patches
Vulnerability mechanics
References
10- git.kernel.org/stable/c/0ad8509b468fa1058f4f400a1829f29e4ccc4de8nvdPatch
- git.kernel.org/stable/c/4bdb0f78bddbfa77d3ab458a21dd9cec495d317anvdPatch
- git.kernel.org/stable/c/736db11c86f03e717fc4bf771d05efdf10d23acbnvdPatch
- git.kernel.org/stable/c/8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdecnvdPatch
- git.kernel.org/stable/c/8f80c633cba144f721d38d9380f23d23ab7db10envdPatch
- git.kernel.org/stable/c/9ff52d3af0ef286535749e14e3fe9eceb39a8349nvdPatch
- git.kernel.org/stable/c/a732502bf3bbe859613b6d7b2b0313b11f0474acnvdPatch
- lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlnvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlnvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-032379.htmlnvd
News mentions
1- Siemens SIMATICCISA ICS Advisories