CVE-2025-38446
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38446
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38446.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38446
- Downstream
- Published
- 2025-07-25T16:15:30Z
- Modified
- 2025-08-13T12:49:54.886814Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
clk: imx: Fix an out-of-bounds access in dispmixcsrclkdevdata
When numparents is 4, _clkregister() occurs an out-of-bounds when accessing parentnames member. Use ARRAY_SIZE() instead of hardcode number here.
BUG: KASAN: global-out-of-bounds in _clkregister+0x1844/0x20d8 Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59 Hardware name: NXP i.MX95 19X19 board (DT) Workqueue: eventsunbound deferredprobeworkfunc Call trace: dumpbacktrace+0x94/0xec showstack+0x18/0x24 dumpstacklvl+0x8c/0xcc printreport+0x398/0x5fc kasanreport+0xd4/0x114 _asanreportload8noabort+0x20/0x2c _clkregister+0x1844/0x20d8 clkhwregister+0x44/0x110 _clkhwregistermux+0x284/0x3a8 imx95bcprobe+0x4f4/0xa70
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected