CVE-2025-38446
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38446
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38446.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38446
- Downstream
- Published
- 2025-07-25T15:27:28Z
- Modified
- 2025-10-18T04:41:24.056763Z
- Summary
- clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
clk: imx: Fix an out-of-bounds access in dispmixcsrclkdevdata
When numparents is 4, _clkregister() occurs an out-of-bounds when accessing parentnames member. Use ARRAY_SIZE() instead of hardcode number here.
BUG: KASAN: global-out-of-bounds in _clkregister+0x1844/0x20d8 Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59 Hardware name: NXP i.MX95 19X19 board (DT) Workqueue: eventsunbound deferredprobeworkfunc Call trace: dumpbacktrace+0x94/0xec showstack+0x18/0x24 dumpstacklvl+0x8c/0xcc printreport+0x398/0x5fc kasanreport+0xd4/0x114 _asanreportload8noabort+0x20/0x2c _clkregister+0x1844/0x20d8 clkhwregister+0x44/0x110 _clkhwregistermux+0x284/0x3a8 imx95bcprobe+0x4f4/0xa70
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5224b189462ff70df328f173b71acfd925092c3cFixedfcee75daecc5234ee3482d8cf3518bf021d8a0a5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5224b189462ff70df328f173b71acfd925092c3cFixeda956daad67cec454ee985e103e167711fab5b9b8
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5224b189462ff70df328f173b71acfd925092c3cFixedaacc875a448d363332b9df0621dde6d3a225ea9f