2390597 – (CVE-2025-9389) CVE-2025-9389 vim: vim memmove-vec-unaligned-erms.S __memmove_avx_unaligned_erms memory corruption

Bug 2390597 (CVE-2025-9389) - CVE-2025-9389 vim: vim memmove-vec-unaligned-erms.S __memmove_avx_unaligned_erms memory corruption

Summary: CVE-2025-9389 vim: vim memmove-vec-unaligned-erms.S __memmove_avx_unaligned_e...

Keywords:
Status:	NEW
Alias:	CVE-2025-9389
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-24 14:01 UTC by OSIDB Bzimport
Modified:	2025-08-31 18:26 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-24 14:01:11 UTC

A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

Note You need to log in before you can comment on or make changes to this bug.