CVE-2025-38446
- Source
- https://cve.org/CVERecord?id=CVE-2025-38446
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38446.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38446
- Downstream
- Related
- Published
- 2025-07-25T15:27:28.699Z
- Modified
- 2026-03-12T02:17:01.391493Z
- Summary
- clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
clk: imx: Fix an out-of-bounds access in dispmixcsrclkdevdata
When num_parents is 4, _clkregister() occurs an out-of-bounds when accessing parentnames member. Use ARRAYSIZE() instead of hardcode number here.
BUG: KASAN: global-out-of-bounds in __clkregister+0x1844/0x20d8 Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59 Hardware name: NXP i.MX95 19X19 board (DT) Workqueue: eventsunbound deferred_probeworkfunc Call trace: dumpbacktrace+0x94/0xec showstack+0x18/0x24 dumpstacklvl+0x8c/0xcc printreport+0x398/0x5fc kasanreport+0xd4/0x114 __asanreportload8_noabort+0x20/0x2c __clkregister+0x1844/0x20d8 clkhw_register+0x44/0x110 _clkhwregistermux+0x284/0x3a8 imx95bcprobe+0x4f4/0xa70
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38446.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/a956daad67cec454ee985e103e167711fab5b9b8
- https://git.kernel.org/stable/c/aacc875a448d363332b9df0621dde6d3a225ea9f
- https://git.kernel.org/stable/c/fcee75daecc5234ee3482d8cf3518bf021d8a0a5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38446.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38446