CVE-2025-22067
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-22067
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22067.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-22067
- Downstream
- Published
- 2025-04-16T14:12:20Z
- Modified
- 2025-10-10T08:57:40.339590Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
spi: cadence: Fix out-of-bounds array access in cdnsmrvlxspisetupclock()
If requestedclk > 128, cdnsmrvlxspisetupclock() iterates over the entire cdnsmrvlxspiclkdivlist array without breaking out early, causing 'i' to go beyond the array bounds.
Fix that by stopping the loop when it gets to the last entry, clamping the clock to the minimum 6.25 MHz.
Fixes the following warning with an UBSAN kernel:
vmlinux.o: warning: objtool: cdnsmrvlxspisetupclock: unexpected end of section .text.cdnsmrvlxspisetupclock
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/645f1813fe0dc96381c36b834131e643b798fd73
- https://git.kernel.org/stable/c/7ba0847fa1c22e7801cebfe5f7b75aee4fae317e
- https://git.kernel.org/stable/c/c1fb84e274cb6a2bce6ba5e65116c06e0b3ab275
- https://git.kernel.org/stable/c/e50781bf7accc75883cb8a6a9921fb4e2fa8cca4
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26d34fdc49712ddbd42b11102f5d9d78a0f42097Fixede50781bf7accc75883cb8a6a9921fb4e2fa8cca4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26d34fdc49712ddbd42b11102f5d9d78a0f42097Fixedc1fb84e274cb6a2bce6ba5e65116c06e0b3ab275
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26d34fdc49712ddbd42b11102f5d9d78a0f42097Fixed645f1813fe0dc96381c36b834131e643b798fd73
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26d34fdc49712ddbd42b11102f5d9d78a0f42097Fixed7ba0847fa1c22e7801cebfe5f7b75aee4fae317e
Affected versions
v6.*
v6.11
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1