CVE-2025-38662

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38662
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38662.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38662
Downstream
Published
2025-08-22T16:02:55.078Z
Modified
2025-12-02T17:24:18.772014Z
Summary
ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv

Given mt8365_dai_set_priv allocate priv_size space to copy priv_data which means we should pass mt8365_i2s_priv[i] or "struct mtk_afe_i2s_priv" instead of afe_priv which has the size of "struct mt8365_afe_private".

Otherwise the KASAN complains about.

[ 59.389765] BUG: KASAN: global-out-of-bounds in mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]
...
[ 59.394789] Call trace:
[ 59.395167] dump_backtrace+0xa0/0x128
[ 59.395733] show_stack+0x20/0x38
[ 59.396238] dump_stack_lvl+0xe8/0x148
[ 59.396806] print_report+0x37c/0x5e0
[ 59.397358] kasan_report+0xac/0xf8
[ 59.397885] kasan_check_range+0xe8/0x190
[ 59.398485] __asan_memcpy+0x3c/0x98
[ 59.399022] mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]
[ 59.399928] mt8365_dai_i2s_register+0x1e8/0x2b0 [snd_soc_mt8365_pcm]
[ 59.400893] mt8365_afe_pcm_dev_probe+0x4d0/0xdf0 [snd_soc_mt8365_pcm]
[ 59.401873] platform_probe+0xcc/0x228
[ 59.402442] really_probe+0x340/0x9e8
[ 59.402992] __driver_probe_device+0x16c/0x3f8
[ 59.403638] driver_probe_device+0x64/0x1d8
[ 59.404256] __driver_attach+0x1dc/0x4c8
[ 59.404840] bus_for_each_dev+0x100/0x190
[ 59.405442] driver_attach+0x44/0x68
[ 59.405980] bus_add_driver+0x23c/0x500
[ 59.406550] driver_register+0xf8/0x3d0
[ 59.407122] __platform_driver_register+0x68/0x98
[ 59.407810] mt8365_afe_pcm_driver_init+0x2c/0xff8 [snd_soc_mt8365_pcm]

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38662.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
402bbb13a195caa83b3279ebecdabfb11ddee084
Fixed
1dc0ed16cfbc3c28a07a89904071cfa802fdcee1
Fixed
6e621dd99c57db916842865debaa65f20bbd6d8e
Fixed
6bea85979d05470e6416a2bb504a9bcd9178304c

Affected versions

v6.*

v6.11
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.15.7
v6.15.8
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38662.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.41
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38662.json"