{"id":"CVE-2025-38456","summary":"ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:msghandler: Fix potential memory corruption in ipmi_create_user()\n\nThe \"intf\" list iterator is an invalid pointer if the correct\n\"intf-\u003eintf_num\" is not found.  Calling atomic_dec(&intf-\u003enr_users) on\nand invalid pointer will lead to memory corruption.\n\nWe don't really need to call atomic_dec() if we haven't called\natomic_add_return() so update the if (intf-\u003ein_shutdown) path as well.","modified":"2026-04-16T04:38:33.936086073Z","published":"2025-07-25T15:27:35.559Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03601-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3725-1","SUSE-SU-2025:3751-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38456.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/7c1a6ddb99858e7d68961f74ae27caeeeca67b6a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e0d33e75c1604c3fad5586ad4dfa3b2695a3950"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cbc1670297f675854e982d23c8583900ff0cc67a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e2d5c005dfc96fe857676d1d8ac46b29275cb89b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fa332f5dc6fc662ad7d3200048772c96b861cf6b"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38456.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38456"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82"},{"fixed":"cbc1670297f675854e982d23c8583900ff0cc67a"},{"fixed":"e2d5c005dfc96fe857676d1d8ac46b29275cb89b"},{"fixed":"9e0d33e75c1604c3fad5586ad4dfa3b2695a3950"},{"fixed":"7c1a6ddb99858e7d68961f74ae27caeeeca67b6a"},{"fixed":"fa332f5dc6fc662ad7d3200048772c96b861cf6b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38456.json"}}],"schema_version":"1.7.5"}