CVE-2025-38446

HIGH EPSS 4.5%
Published Jul 25, 202511mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Jul 25, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data When num_parents is 4, __clk_register() occurs an out-of-bounds when accessing parent_names member. Use ARRAY_SIZE() instead of hardcode number here. BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8 Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59 Hardware name: NXP i.MX95 19X19 board (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x8c/0xcc print_report+0x398/0x5fc kasan_report+0xd4/0x114 __asan_report_load8_noabort+0x20/0x2c __clk_register+0x1844/0x20d8 clk_hw_register+0x44/0x110 __clk_hw_register_mux+0x284/0x3a8 imx95_bc_probe+0x4f4/0xa70

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.10  –  <6.12.39
linuxlinux_kernel*≥6.13  –  <6.15.7
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/a956daad67cec454ee985e103e167711fab5b9b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aacc875a448d363332b9df0621dde6d3a225ea9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fcee75daecc5234ee3482d8cf3518bf021d8a0a5
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/a956daad67cec454ee985e103e167711fab5b9b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aacc875a448d363332b9df0621dde6d3a225ea9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fcee75daecc5234ee3482d8cf3518bf021d8a0a5
    Patch