CVE-2025-38446

EPSS 0.03%
Veröffentlicht 25.07.2025 16:15:30
Zuletzt bearbeitet 29.07.2025 14:14:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data

When num_parents is 4, __clk_register() occurs an out-of-bounds
when accessing parent_names member. Use ARRAY_SIZE() instead of
hardcode number here.

 BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8
 Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59
  Hardware name: NXP i.MX95 19X19 board (DT)
  Workqueue: events_unbound deferred_probe_work_func
  Call trace:
    dump_backtrace+0x94/0xec
    show_stack+0x18/0x24
    dump_stack_lvl+0x8c/0xcc
    print_report+0x398/0x5fc
    kasan_report+0xd4/0x114
    __asan_report_load8_noabort+0x20/0x2c
    __clk_register+0x1844/0x20d8
    clk_hw_register+0x44/0x110
    __clk_hw_register_mux+0x284/0x3a8
    imx95_bc_probe+0x4f4/0xa70

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < fcee75daecc5234ee3482d8cf3518bf021d8a0a5

Version 5224b189462ff70df328f173b71acfd925092c3c

Status affected

Version < a956daad67cec454ee985e103e167711fab5b9b8

Version 5224b189462ff70df328f173b71acfd925092c3c

Status affected

Version < aacc875a448d363332b9df0621dde6d3a225ea9f

Version 5224b189462ff70df328f173b71acfd925092c3c

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.10

Status affected

Version < 6.10

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.39

Status unaffected

Version <= 6.15.*

Version 6.15.7

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/a956daad67cec454ee985e103e167711fab5b9b8

https://git.kernel.org/stable/c/aacc875a448d363332b9df0621dde6d3a225ea9f

https://git.kernel.org/stable/c/fcee75daecc5234ee3482d8cf3518bf021d8a0a5

https://nvd.nist.gov/vuln/detail/CVE-2025-38446

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38446

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38446

EUVD