CVE-2025-38573 (GCVE-0-2025-38573)
Vulnerability from cvelistv5
Published
2025-08-19 17:02
Modified
2025-08-19 17:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: cs42l43: Property entry should be a null-terminated array
The software node does not specify a count of property entries, so the
array must be null-terminated.
When unterminated, this can lead to a fault in the downstream cs35l56
amplifier driver, because the node parse walks off the end of the
array into unknown memory.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/spi/spi-cs42l43.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "674328102baad76c7a06628efc01974ece5ae27f", "status": "affected", "version": "0ca645ab5b1528666f6662a0e620140355b5aea3", "versionType": "git" }, { "lessThan": "9f0035ae38d2571f5ddedc829d74492013caa625", "status": "affected", "version": "0ca645ab5b1528666f6662a0e620140355b5aea3", "versionType": "git" }, { "lessThan": "139b5df757a0aa436f763b0038e0b73808d2f4b6", "status": "affected", "version": "0ca645ab5b1528666f6662a0e620140355b5aea3", "versionType": "git" }, { "lessThan": "ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667", "status": "affected", "version": "0ca645ab5b1528666f6662a0e620140355b5aea3", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/spi/spi-cs42l43.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.11" }, { "lessThan": "6.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.42", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.10", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.1", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17-rc1", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.42", "versionStartIncluding": "6.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.10", "versionStartIncluding": "6.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17-rc1", "versionStartIncluding": "6.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cs42l43: Property entry should be a null-terminated array\n\nThe software node does not specify a count of property entries, so the\narray must be null-terminated.\n\nWhen unterminated, this can lead to a fault in the downstream cs35l56\namplifier driver, because the node parse walks off the end of the\narray into unknown memory." } ], "providerMetadata": { "dateUpdated": "2025-08-19T17:02:53.008Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f" }, { "url": "https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625" }, { "url": "https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6" }, { "url": "https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667" } ], "title": "spi: cs42l43: Property entry should be a null-terminated array", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-38573", "datePublished": "2025-08-19T17:02:53.008Z", "dateReserved": "2025-04-16T04:51:24.025Z", "dateUpdated": "2025-08-19T17:02:53.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-38573\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:34.283\",\"lastModified\":\"2025-08-20T14:40:17.713\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nspi: cs42l43: Property entry should be a null-terminated array\\n\\nThe software node does not specify a count of property entries, so the\\narray must be null-terminated.\\n\\nWhen unterminated, this can lead to a fault in the downstream cs35l56\\namplifier driver, because the node parse walks off the end of the\\narray into unknown memory.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: cs42l43: La entrada de propiedad debe ser una matriz con terminaci\u00f3n nula. El nodo de software no especifica un n\u00famero de entradas de propiedad, por lo que la matriz debe terminar en nulo. Si no est\u00e1 terminada, esto puede provocar un fallo en el controlador del amplificador cs35l56, ya que el an\u00e1lisis del nodo se desv\u00eda del final de la matriz hacia una memoria desconocida.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…