
CVE-2025-38676 PoC — Linux kernel security vulnerability

Source
Associated Vulnerability
Title: Linux kernel security vulnerability (CVE-2025-38676)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation in the United States. The Linux kernel contains a security vulnerability caused by improper handling of the kernel command line, which may lead to a stack buffer overflow.
Description
Stack buffer overflow during cmdline parsing
Readme
# CVE-2025-38676 — Linux Kernel ≤ 6.17-rc2 (AMD IOMMU) stack buffer overflow

This repo provides **safe, non-exploit PoC resources** to study CVE-2025-38676:
- Info-gathering + safety tools
- QEMU boot harness to exercise **long kernel cmdline** permutations
- Hardening guidance (GRUB/UEFI/Secure Boot; baseline `/proc/cmdline`)

> **Vulnerability summary**  
> Upstream fix: *“iommu/amd: Avoid stack buffer overflow from kernel cmdline … avoid writing 1 byte past the end of 'acpiid' if the 'str' argument is maximum length.”*  
> **Scope:** kernels ≤ 6.17-rc2 (IOMMU/AMD path). Distros are shipping patched kernels.  
> Sources: NVD, SUSE tracker, VulDB, commit reference.  
> - NVD: description & fix note.  
> - SUSE: mirrors upstream text.  
> - VulDB: affected up to 6.17-rc2; critical.  
> - Commit ref (via cvefeed.io): `git.kernel.org/stable/c/8503d0fcb1086...`.
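The off-by-one the upstream fix describes, as an added illustration that is neither the kernel's iommu/amd code nor this repo's `cmdline_safety_checker.c`: a fixed-size stack buffer receives a NUL-terminated copy of a cmdline token, the length check admits a token exactly as long as the buffer, and the terminator lands one byte past its end. The buffer size, function names and sample tokens are hypothetical, and the harness detects the overflow with a canary byte rather than corrupting real stack.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ACPIID_LEN 16           /* hypothetical buffer size, not the kernel's */
#define CANARY     ((char)0xA5) /* guard byte placed just past the buffer */

enum copy_result { COPY_OK = 0, COPY_REJECTED = 1, COPY_OVERFLOW = 2 };

/* Buggy shape: the bound admits len == bufsz, yet the copy writes len + 1
 * bytes (the NUL), so a max-length token clobbers the byte after the buffer. */
static enum copy_result copy_token_buggy(const char *str, char *buf, size_t bufsz)
{
	size_t len = strlen(str);
	if (len > bufsz)        /* off by one: should be >= */
		return COPY_REJECTED;
	memcpy(buf, str, len + 1);
	return COPY_OK;
}

/* Fixed shape: reserve a byte for the terminator before copying. */
static enum copy_result copy_token_fixed(const char *str, char *buf, size_t bufsz)
{
	size_t len = strlen(str);
	if (len >= bufsz)
		return COPY_REJECTED;
	memcpy(buf, str, len + 1);
	return COPY_OK;
}

/* Harness: advertise ACPIID_LEN bytes but allocate one more holding a canary.
 * A clobbered canary means a real ACPIID_LEN-byte stack buffer overflowed. */
static enum copy_result run_copy(enum copy_result (*copy)(const char *, char *, size_t),
				 const char *str)
{
	char buf[ACPIID_LEN + 1];
	enum copy_result r;
	memset(buf, 0, sizeof buf);
	buf[ACPIID_LEN] = CANARY;
	r = copy(str, buf, ACPIID_LEN);
	return (r == COPY_OK && buf[ACPIID_LEN] != CANARY) ? COPY_OVERFLOW : r;
}

int main(void)
{
	const char *max = "AMDI0020:00ABCDE"; /* constructed: exactly ACPIID_LEN chars */
	printf("buggy: %d (2 = overflow)  fixed: %d (1 = rejected)\n",
	       run_copy(copy_token_buggy, max), run_copy(copy_token_fixed, max));
	return 0;
}
```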

### Ethics & Safe-Use
No weaponized exploit code. The harness **only** varies cmdline length/shape and collects logs to confirm stability or crashes in **a closed VM**.

### Quick start
```bash
sudo apt-get install -y build-essential qemu-system-x86 gcc make cpio busybox
cd tools && ./build.sh               # build cmdline checker
cd ../scripts && ./make_initramfs.sh # build tiny initramfs with busybox
./qemu_boot_example.sh               # boot VM with safe long cmdline
```
File Snapshot

[4.0K] /data/pocs/964436bf236f06ddcd6985262b1de6eeca911f78
├── [4.0K] configs
│   └── [ 191] example_cmdlines.txt
├── [ 11K] LICENSE
├── [ 36] MIT License — © CyberDudeBivash.txt
├── [1.3K] README.md
├── [4.0K] references
│   └── [ 634] links.md
├── [4.0K] scripts
│   ├── [ 675] cmdline_fuzzer.py
│   ├── [ 81] collect_dmesg.sh
│   ├── [1.2K] make_initramfs.sh
│   └── [ 836] qemu_boot_example.sh
└── [4.0K] tools
    ├── [ 190] build.sh
    ├── [ 286] cmdline_len_guard.h
    └── [1.5K] cmdline_safety_checker.c

4 directories, 12 files
Shenlong Bot has cached this for you