UBUNTU-CVE-2025-9389

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-9389

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-9389

Upstream

CVE-2025-9389

Withdrawn

2025-08-27T18:37:34Z

Published

2025-08-25T00:00:00Z

Modified

2025-08-26T06:48:01.452343Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability was identified in vim 9.1.0000. Affected is the function _memmoveavxunalignederms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

References

Affected packages

Ubuntu:22.04:LTS

vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:8.2.3995-1ubuntu2.24?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:8.*

2:8.2.2434-3ubuntu3

2:8.2.2434-3ubuntu4

2:8.2.3565-1ubuntu1

2:8.2.3565-1ubuntu2

2:8.2.3565-1ubuntu3

2:8.2.3565-1ubuntu5

2:8.2.3995-1ubuntu1

2:8.2.3995-1ubuntu2

2:8.2.3995-1ubuntu2.1

2:8.2.3995-1ubuntu2.3

2:8.2.3995-1ubuntu2.4

2:8.2.3995-1ubuntu2.5

2:8.2.3995-1ubuntu2.7

2:8.2.3995-1ubuntu2.8

2:8.2.3995-1ubuntu2.9

2:8.2.3995-1ubuntu2.10

2:8.2.3995-1ubuntu2.11

2:8.2.3995-1ubuntu2.12

2:8.2.3995-1ubuntu2.13

2:8.2.3995-1ubuntu2.15

2:8.2.3995-1ubuntu2.16

2:8.2.3995-1ubuntu2.17

2:8.2.3995-1ubuntu2.18

2:8.2.3995-1ubuntu2.19

2:8.2.3995-1ubuntu2.20

2:8.2.3995-1ubuntu2.21

2:8.2.3995-1ubuntu2.22

2:8.2.3995-1ubuntu2.23

2:8.2.3995-1ubuntu2.24

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json"

Ubuntu:24.04:LTS

vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:9.1.0016-1ubuntu7.8?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:9.*

2:9.0.1672-1ubuntu2

2:9.0.2087-1ubuntu1

2:9.0.2116-1ubuntu1

2:9.0.2116-1ubuntu2

2:9.0.2184-0ubuntu1

2:9.0.2189-1ubuntu1

2:9.1.0-1ubuntu1

2:9.1.0016-1ubuntu2

2:9.1.0016-1ubuntu6

2:9.1.0016-1ubuntu7

2:9.1.0016-1ubuntu7.1

2:9.1.0016-1ubuntu7.2

2:9.1.0016-1ubuntu7.3

2:9.1.0016-1ubuntu7.4

2:9.1.0016-1ubuntu7.5

2:9.1.0016-1ubuntu7.6

2:9.1.0016-1ubuntu7.7

2:9.1.0016-1ubuntu7.8

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json"

Ubuntu:25.04

vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:9.1.0967-1ubuntu4?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:9.*

2:9.1.0496-1ubuntu6

2:9.1.0777-1ubuntu1

2:9.1.0861-1ubuntu1

2:9.1.0967-1ubuntu2

2:9.1.0967-1ubuntu3

2:9.1.0967-1ubuntu4

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json"

Ubuntu:Pro:14.04:LTS

vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:7.4.052-1ubuntu3.1+esm21?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:7.*

2:7.4.000-1ubuntu2

2:7.4.052-1ubuntu1

2:7.4.052-1ubuntu2

2:7.4.052-1ubuntu3

2:7.4.052-1ubuntu3.1

2:7.4.052-1ubuntu3.1+esm1

2:7.4.052-1ubuntu3.1+esm3

2:7.4.052-1ubuntu3.1+esm4

2:7.4.052-1ubuntu3.1+esm5

2:7.4.052-1ubuntu3.1+esm6

2:7.4.052-1ubuntu3.1+esm7

2:7.4.052-1ubuntu3.1+esm8

2:7.4.052-1ubuntu3.1+esm9

2:7.4.052-1ubuntu3.1+esm10

2:7.4.052-1ubuntu3.1+esm11

2:7.4.052-1ubuntu3.1+esm12

2:7.4.052-1ubuntu3.1+esm13

2:7.4.052-1ubuntu3.1+esm14

2:7.4.052-1ubuntu3.1+esm15

2:7.4.052-1ubuntu3.1+esm16

2:7.4.052-1ubuntu3.1+esm17

2:7.4.052-1ubuntu3.1+esm18

2:7.4.052-1ubuntu3.1+esm19

2:7.4.052-1ubuntu3.1+esm20

2:7.4.052-1ubuntu3.1+esm21

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json"

Ubuntu:Pro:16.04:LTS

vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:7.4.1689-3ubuntu1.5+esm27?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:7.*

2:7.4.712-2ubuntu4

2:7.4.826-1ubuntu1

2:7.4.826-1ubuntu2

2:7.4.826-1ubuntu3

2:7.4.963-1ubuntu1

2:7.4.963-1ubuntu4

2:7.4.963-1ubuntu5

2:7.4.1689-3ubuntu1

2:7.4.1689-3ubuntu1.1

2:7.4.1689-3ubuntu1.2

2:7.4.1689-3ubuntu1.3

2:7.4.1689-3ubuntu1.4

2:7.4.1689-3ubuntu1.5

2:7.4.1689-3ubuntu1.5+esm2

2:7.4.1689-3ubuntu1.5+esm3

2:7.4.1689-3ubuntu1.5+esm4

2:7.4.1689-3ubuntu1.5+esm5

2:7.4.1689-3ubuntu1.5+esm6

2:7.4.1689-3ubuntu1.5+esm7

2:7.4.1689-3ubuntu1.5+esm8

2:7.4.1689-3ubuntu1.5+esm10

2:7.4.1689-3ubuntu1.5+esm11

2:7.4.1689-3ubuntu1.5+esm12

2:7.4.1689-3ubuntu1.5+esm13

2:7.4.1689-3ubuntu1.5+esm14

2:7.4.1689-3ubuntu1.5+esm15

2:7.4.1689-3ubuntu1.5+esm17

2:7.4.1689-3ubuntu1.5+esm18

2:7.4.1689-3ubuntu1.5+esm19

2:7.4.1689-3ubuntu1.5+esm20

2:7.4.1689-3ubuntu1.5+esm22

2:7.4.1689-3ubuntu1.5+esm23

2:7.4.1689-3ubuntu1.5+esm24

2:7.4.1689-3ubuntu1.5+esm25

2:7.4.1689-3ubuntu1.5+esm26

2:7.4.1689-3ubuntu1.5+esm27

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json"

Ubuntu:Pro:18.04:LTS

vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:8.0.1453-1ubuntu1.13+esm12?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:8.*

2:8.0.0197-4ubuntu5

2:8.0.1144-1ubuntu1

2:8.0.1401-1ubuntu1

2:8.0.1401-1ubuntu2

2:8.0.1401-1ubuntu3

2:8.0.1453-1ubuntu1

2:8.0.1453-1ubuntu1.1

2:8.0.1453-1ubuntu1.3

2:8.0.1453-1ubuntu1.4

2:8.0.1453-1ubuntu1.6

2:8.0.1453-1ubuntu1.7

2:8.0.1453-1ubuntu1.8

2:8.0.1453-1ubuntu1.9

2:8.0.1453-1ubuntu1.10

2:8.0.1453-1ubuntu1.11

2:8.0.1453-1ubuntu1.12

2:8.0.1453-1ubuntu1.13

2:8.0.1453-1ubuntu1.13+esm1

2:8.0.1453-1ubuntu1.13+esm3

2:8.0.1453-1ubuntu1.13+esm4

2:8.0.1453-1ubuntu1.13+esm5

2:8.0.1453-1ubuntu1.13+esm6

2:8.0.1453-1ubuntu1.13+esm7

2:8.0.1453-1ubuntu1.13+esm8

2:8.0.1453-1ubuntu1.13+esm9

2:8.0.1453-1ubuntu1.13+esm10

2:8.0.1453-1ubuntu1.13+esm11

2:8.0.1453-1ubuntu1.13+esm12

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json"

Ubuntu:Pro:20.04:LTS

vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:8.1.2269-1ubuntu5.32?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:8.*

2:8.1.0875-5ubuntu2

2:8.1.0875-5ubuntu3

2:8.1.0875-5ubuntu4

2:8.1.2269-1ubuntu1

2:8.1.2269-1ubuntu4

2:8.1.2269-1ubuntu5

2:8.1.2269-1ubuntu5.3

2:8.1.2269-1ubuntu5.4

2:8.1.2269-1ubuntu5.6

2:8.1.2269-1ubuntu5.7

2:8.1.2269-1ubuntu5.8

2:8.1.2269-1ubuntu5.9

2:8.1.2269-1ubuntu5.11

2:8.1.2269-1ubuntu5.12

2:8.1.2269-1ubuntu5.13

2:8.1.2269-1ubuntu5.14

2:8.1.2269-1ubuntu5.15

2:8.1.2269-1ubuntu5.16

2:8.1.2269-1ubuntu5.17

2:8.1.2269-1ubuntu5.18

2:8.1.2269-1ubuntu5.20

2:8.1.2269-1ubuntu5.21

2:8.1.2269-1ubuntu5.22

2:8.1.2269-1ubuntu5.23

2:8.1.2269-1ubuntu5.24

2:8.1.2269-1ubuntu5.25

2:8.1.2269-1ubuntu5.26

2:8.1.2269-1ubuntu5.29

2:8.1.2269-1ubuntu5.30

2:8.1.2269-1ubuntu5.31

2:8.1.2269-1ubuntu5.32

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9389.json"