
CVE-2025-68773

In the Linux kernel, the following vulnerability has been resolved:

spi: fsl-cpm: Check length parity before switching to 16 bit mode

Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers
with even size") failed to make sure that the size is really even
before switching to 16 bit mode. Until recently the problem went
unnoticed because kernfs uses a pre-allocated bounce buffer of size
PAGE_SIZE for reading EEPROM.

But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API")
introduced an additional dynamically allocated bounce buffer whose size
is exactly the size of the transfer, leading to a buffer overrun in
the fsl-cpm driver when that size is odd.

Add the missing length parity verification and remain in 8 bit mode
when the length is not even.
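The defect described above can be modelled outside the kernel. The following is an added illustration, not code from the fsl-cpm driver: it assumes a hypothetical "large transfer" threshold of 16 bytes and models the 16-bit engine as moving whole words, so an odd byte count is rounded up to the next word. It contrasts the size-only policy with the fixed policy that also requires an even length, and shows why a PAGE_SIZE bounce buffer hid the overrun while an exactly-sized one exposes it.

```c
#include <stdbool.h>
#include <stddef.h>

/* Assumed threshold above which 16-bit words are preferred.
 * Modelling assumption only, not the driver's actual constant. */
#define LARGE_XFER_BYTES 16

/* Pre-fix policy: selects 16-bit mode on size alone. */
unsigned int xfer_width_buggy(size_t len)
{
    return len > LARGE_XFER_BYTES ? 16u : 8u;
}

/* Post-fix policy: 16-bit mode only when the length is also even,
 * otherwise the transfer stays in 8-bit mode. */
unsigned int xfer_width_fixed(size_t len)
{
    if (len > LARGE_XFER_BYTES && (len & 1u) == 0)
        return 16u;
    return 8u;
}

/* Bytes the transfer engine actually moves: whole words, rounded up.
 * Modelling assumption: an odd byte count in 16-bit mode is padded to
 * a full word, so one byte past len is read or written. */
size_t bytes_moved(size_t len, unsigned int width)
{
    size_t word = width / 8u;
    return ((len + word - 1u) / word) * word;
}

/* True when a bounce buffer of buf_size bytes would be overrun. */
bool overruns_buffer(size_t len, unsigned int width, size_t buf_size)
{
    return bytes_moved(len, width) > buf_size;
}

/* Does the given width policy overrun a buffer of exactly len bytes?
 * This is the at25 case: the bounce buffer is exactly the transfer size. */
bool policy_overruns_exact(unsigned int (*policy)(size_t), size_t len)
{
    return overruns_buffer(len, policy(len), len);
}
```

With a 4096-byte buffer (the kernfs case) the extra byte lands inside the allocation, which is why the bug stayed unnoticed until the exactly-sized buffer appeared.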
Linked by AI from unstructured data to existing NVD CPEs.
This information is available to logged-in users.
Data is provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux (versions given as git commits)
Default status: unaffected
Affected, from version up to (but not including) version:
  60afe299bb541a928ba39bcb4ae8d3e428d1c5a5  ->  c8f1d35076b78df61ace737e41cc1f4b7b63236c
  4badd33929c05ed314794b95f1af1308f7222be8  ->  9c34a4a2ead00979d203a8c16bea87f0ef5291d8
  7f6738e003b364783f3019fdf6e7645bc8dd1643  ->  837a23a11e0f734f096c7c7b0778d0e625e3dc87
  fc96ec826bced75cc6b9c07a4ac44bbf651337ab  ->  3dd6d01384823e1bd8602873153d6fc4337ac4fe
  fc96ec826bced75cc6b9c07a4ac44bbf651337ab  ->  743cebcbd1b2609ec5057ab474979cef73d1b681
  fc96ec826bced75cc6b9c07a4ac44bbf651337ab  ->  be0b613198e6bfa104ad520397cab82ad3ec1771
  fc96ec826bced75cc6b9c07a4ac44bbf651337ab  ->  1417927df8049a0194933861e9b098669a95c762
Affected, single versions:
  42c04316d9275ec267d36e5e9064cd56c9884148
  dc120f2d35b030390a2bc0f94dd5f37e900cae91
  b558275c1b040f0e5aa56c862241f9212b6118c3
  b9d9e8856f1c83e4277403f9b4c369b322ebcb12
  36a6d0f66c874666caf4e8be155b1be30f6231be

Vendor: Linux
Product: Linux (versions given as kernel releases)
Default status: affected
  6.4                                  affected
  0 up to (but not including) 6.4      unaffected
  5.10.248 up to and including 5.10.*  unaffected
  5.15.198 up to and including 5.15.*  unaffected
  6.1.160 up to and including 6.1.*    unaffected
  6.6.120 up to and including 6.6.*    unaffected
  6.12.64 up to and including 6.12.*   unaffected
  6.18.3 up to and including 6.18.*    unaffected
  6.19-rc2 up to and including *       unaffected
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   0.03%   0.088

CVSS metrics
Source   Base Score   Exploit Score   Impact Score   Vector String

No CWE information has been published yet.