CVE-2025-38068
📋 TL;DR
A buffer overflow vulnerability exists in the Linux kernel's LZO compression implementation. Attackers can exploit this to write beyond allocated memory boundaries, potentially leading to system crashes or arbitrary code execution. This affects all Linux systems using the vulnerable kernel crypto/lzo module.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel-level arbitrary code execution leading to full system compromise, privilege escalation, or persistent rootkits.
Likely Case
Kernel panic or system crash causing denial of service, with potential for limited code execution in controlled environments.
If Mitigated
System crash or instability if exploit attempts are blocked by kernel protections like KASLR or SMEP.
🎯 Exploit Status
Exploitation requires triggering LZO compression with malicious input; complexity depends on specific use case and kernel protections.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a, 167373d77c70c2b558aae3e327b115249bb2652c, 4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111, 7caad075acb634a74911830d6386c50ea12566cd, a98bd864e16f91c70b2469adf013d713d04d1d13
Vendor Advisory: https://git.kernel.org/stable/c/0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after the reboot.
🔧 Temporary Workarounds
Disable LZO compression module
Platform: linux
Prevent the vulnerable crypto/lzo module from being loaded, and unload it if it is currently loaded:
echo 'blacklist lzo' >> /etc/modprobe.d/blacklist.conf
rmmod lzo
Restrict kernel module loading
Platform: linux
Prevent any further module loading, which could otherwise pull in the vulnerable LZO module. Once this sysctl is set, modules can be neither loaded nor unloaded until the next reboot, so apply it only after the modules the system needs are loaded and after the rmmod step above:
echo 'kernel.modules_disabled=1' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Implement strict input validation for any applications using LZO compression
- Deploy kernel hardening features like KASLR, SMEP, and SMAP to limit exploit impact
🔍 How to Verify
Check if Vulnerable:
Check whether the LZO module is loaded (lsmod | grep lzo) and compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the kernel version is updated and that the LZO module still compresses and decompresses correctly in a test round trip.
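An added example, not from the advisory or the kernel project, that scripts the verification steps above as POSIX sh functions: it applies the advisory's lsmod | grep lzo match to /proc/modules text, additionally checks modules.builtin because a compiled-in lzo never appears in lsmod, and compares the running version against a PATCHED_KVER placeholder that you must fill in from your distribution's own advisory.

```shell
#!/bin/sh
# Added example for the "How to Verify" steps; not part of the advisory.
# PATCHED_KVER is a placeholder you must set to the fixed kernel version your
# distribution ships (the advisory lists fixing commits, not version numbers).

# stdin: /proc/modules text. Succeed if a module named lzo* is loaded
# (the same match as the advisory's "lsmod | grep lzo").
lzo_loaded() {
    awk '$1 ~ /^lzo/ { found = 1 } END { exit !found }'
}

# stdin: modules.builtin text ("kernel/.../name.ko" per line). Succeed if an
# lzo module is compiled into the kernel, which lsmod cannot show.
lzo_builtin() {
    grep -q '/lzo[^/]*\.ko$'
}

# Succeed if kernel version $1 is at least $2, comparing only the dotted
# numeric part ("6.1.140-1-amd64" is compared as 6.1.140).
kver_ge() {
    awk -v a="${1%%-*}" -v b="${2%%-*}" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# $1 running version, $2 patched version, $3 /proc/modules text,
# $4 modules.builtin text. Prints: patched (fix present), exposed (unpatched
# and lzo loaded or built in), not-loaded (unpatched; lzo could still autoload).
lzo_assess() {
    if kver_ge "$1" "$2"; then
        echo patched
    elif printf '%s\n' "$3" | lzo_loaded || printf '%s\n' "$4" | lzo_builtin; then
        echo exposed
    else
        echo not-loaded
    fi
}

# Live check of this host: PATCHED_KVER=<fixed version> ./check.sh --live
lzo_assess_live() {
    [ -n "${PATCHED_KVER:-}" ] || { echo "set PATCHED_KVER first" >&2; return 1; }
    lzo_assess "$(uname -r)" "$PATCHED_KVER" "$(cat /proc/modules 2>/dev/null)" \
        "$(cat "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null)"
}
if [ "${1:-}" = "--live" ]; then lzo_assess_live; fi
```

A not-loaded verdict is not a clean bill of health: the module can still be autoloaded later, so the kernel update remains the fix.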
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crash/panic logs
- Unexpected process termination
Network Indicators:
- Unusual compression-related network traffic patterns
SIEM Query:
source="kernel" AND ("Oops" OR "panic" OR "general protection fault") AND process="lzo"
🔗 References
- https://git.kernel.org/stable/c/0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a
- https://git.kernel.org/stable/c/167373d77c70c2b558aae3e327b115249bb2652c
- https://git.kernel.org/stable/c/4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111
- https://git.kernel.org/stable/c/7caad075acb634a74911830d6386c50ea12566cd
- https://git.kernel.org/stable/c/a98bd864e16f91c70b2469adf013d713d04d1d13
- https://git.kernel.org/stable/c/cc47f07234f72cbd8e2c973cdbf2a6730660a463
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html