Message-ID: <2025072503-CVE-2025-38446-492b@gregkh>
Date: Fri, 25 Jul 2025 17:28:08 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38446: clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data
From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data

When num_parents is 4, an out-of-bounds access occurs in
__clk_register() when accessing the parent_names member. Use
ARRAY_SIZE() instead of a hardcoded number here.

BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8
Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59

Hardware name: NXP i.MX95 19X19 board (DT)
Workqueue: events_unbound deferred_probe_work_func
Call trace:
  dump_backtrace+0x94/0xec
  show_stack+0x18/0x24
  dump_stack_lvl+0x8c/0xcc
  print_report+0x398/0x5fc
  kasan_report+0xd4/0x114
  __asan_report_load8_noabort+0x20/0x2c
  __clk_register+0x1844/0x20d8
  clk_hw_register+0x44/0x110
  __clk_hw_register_mux+0x284/0x3a8
  imx95_bc_probe+0x4f4/0xa70

The Linux kernel CVE team has assigned CVE-2025-38446 to this issue.

Affected and fixed versions
===========================

  Issue introduced in 6.10 with commit 5224b189462ff70df328f173b71acfd925092c3c and fixed in 6.12.39 with commit fcee75daecc5234ee3482d8cf3518bf021d8a0a5
  Issue introduced in 6.10 with commit 5224b189462ff70df328f173b71acfd925092c3c and fixed in 6.15.7 with commit a956daad67cec454ee985e103e167711fab5b9b8
  Issue introduced in 6.10 with commit 5224b189462ff70df328f173b71acfd925092c3c and fixed in 6.16-rc6 with commit aacc875a448d363332b9df0621dde6d3a225ea9f

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
  https://cve.org/CVERecord/?id=CVE-2025-38446
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
  drivers/clk/imx/clk-imx95-blk-ctl.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
  https://git.kernel.org/stable/c/fcee75daecc5234ee3482d8cf3518bf021d8a0a5
  https://git.kernel.org/stable/c/a956daad67cec454ee985e103e167711fab5b9b8
  https://git.kernel.org/stable/c/aacc875a448d363332b9df0621dde6d3a225ea9f
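
Added example, not part of the original announcement and not the kernel patch: a user-space C model of the bug class in the description, where a hand-typed num_parents is larger than the parent_names table a consumer then walks, next to the ARRAY_SIZE() form. The names mux_desc, demo_parents, register_mux and the table_len field are hypothetical and exist only so the model can check the bound.

```c
/* User-space model of the bug class; not kernel code. */
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed parent table with three entries. */
static const char *const demo_parents[] = { "pll_a", "pll_b", "pll_c" };

struct mux_desc {
	const char *name;
	const char *const *parent_names;
	size_t num_parents; /* entries a consumer will read */
	size_t table_len;   /* demo-only: real table length, for the check */
};

/* Before: count typed by hand, one more than the table holds. */
static const struct mux_desc mux_hardcoded = {
	.name = "demo_sel", .parent_names = demo_parents,
	.num_parents = 4, .table_len = ARRAY_SIZE(demo_parents),
};

/* After: count derived from the table, so the two cannot drift apart. */
static const struct mux_desc mux_array_size = {
	.name = "demo_sel", .parent_names = demo_parents,
	.num_parents = ARRAY_SIZE(demo_parents), .table_len = ARRAY_SIZE(demo_parents),
};

/* Models a consumer that reads parent_names[0 .. num_parents - 1].
 * Returns the number of names read, or -1 when the walk would run past
 * the end of the table (the kind of read KASAN reported). */
static int register_mux(const struct mux_desc *d)
{
	size_t i;

	if (d->num_parents > d->table_len)
		return -1;
	for (i = 0; i < d->num_parents; i++)
		if (d->parent_names[i] == NULL)
			return -1;
	return (int)d->num_parents;
}

int main(void)
{
	printf("hardcoded:  %d\n", register_mux(&mux_hardcoded));
	printf("ARRAY_SIZE: %d\n", register_mux(&mux_array_size));
	return 0;
}
```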