← voltar
CVE-2025-22067

spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()

CVSS 7.8 HIGHEPSS 0.2%CWE-129
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
16 abr 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() If requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over the entire cdns_mrvl_xspi_clk_div_list array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, clamping the clock to the minimum 6.25 MHz. Fixes the following warning with an UBSAN kernel: vmlinux.o: warning: objtool: cdns_mrvl_xspi_setup_clock: unexpected end of section .text.cdns_mrvl_xspi_setup_clock
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Linux · Linux

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://git.kernel.org/stable/c/645f1813fe0dc96381c36b834131e643b798fd73https://git.kernel.org/stable/c/7ba0847fa1c22e7801cebfe5f7b75aee4fae317ehttps://git.kernel.org/stable/c/c1fb84e274cb6a2bce6ba5e65116c06e0b3ab275https://git.kernel.org/stable/c/e50781bf7accc75883cb8a6a9921fb4e2fa8cca4