CVE-2025-38573 (GCVE-0-2025-38573)
Vulnerability from cvelistv5
Published
2025-08-19 17:02
Modified
2025-08-19 17:02
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory.
Impacted products
Vendor Product Version
Linux Linux Version: 0ca645ab5b1528666f6662a0e620140355b5aea3
Version: 0ca645ab5b1528666f6662a0e620140355b5aea3
Version: 0ca645ab5b1528666f6662a0e620140355b5aea3
Version: 0ca645ab5b1528666f6662a0e620140355b5aea3
Create a notification for this product.
   Linux Linux Version: 6.11
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-cs42l43.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "674328102baad76c7a06628efc01974ece5ae27f",
              "status": "affected",
              "version": "0ca645ab5b1528666f6662a0e620140355b5aea3",
              "versionType": "git"
            },
            {
              "lessThan": "9f0035ae38d2571f5ddedc829d74492013caa625",
              "status": "affected",
              "version": "0ca645ab5b1528666f6662a0e620140355b5aea3",
              "versionType": "git"
            },
            {
              "lessThan": "139b5df757a0aa436f763b0038e0b73808d2f4b6",
              "status": "affected",
              "version": "0ca645ab5b1528666f6662a0e620140355b5aea3",
              "versionType": "git"
            },
            {
              "lessThan": "ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667",
              "status": "affected",
              "version": "0ca645ab5b1528666f6662a0e620140355b5aea3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-cs42l43.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc1",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cs42l43: Property entry should be a null-terminated array\n\nThe software node does not specify a count of property entries, so the\narray must be null-terminated.\n\nWhen unterminated, this can lead to a fault in the downstream cs35l56\namplifier driver, because the node parse walks off the end of the\narray into unknown memory."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T17:02:53.008Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625"
        },
        {
          "url": "https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667"
        }
      ],
      "title": "spi: cs42l43: Property entry should be a null-terminated array",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38573",
    "datePublished": "2025-08-19T17:02:53.008Z",
    "dateReserved": "2025-04-16T04:51:24.025Z",
    "dateUpdated": "2025-08-19T17:02:53.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38573\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:34.283\",\"lastModified\":\"2025-08-20T14:40:17.713\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nspi: cs42l43: Property entry should be a null-terminated array\\n\\nThe software node does not specify a count of property entries, so the\\narray must be null-terminated.\\n\\nWhen unterminated, this can lead to a fault in the downstream cs35l56\\namplifier driver, because the node parse walks off the end of the\\narray into unknown memory.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: cs42l43: La entrada de propiedad debe ser una matriz con terminaci\u00f3n nula. El nodo de software no especifica un n\u00famero de entradas de propiedad, por lo que la matriz debe terminar en nulo. Si no est\u00e1 terminada, esto puede provocar un fallo en el controlador del amplificador cs35l56, ya que el an\u00e1lisis del nodo se desv\u00eda del final de la matriz hacia una memoria desconocida.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…