CVE-2025-68773

NONE · EPSS 6.9%
Published Jan 13, 2026 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: fsl-cpm: Check length parity before switching to 16 bit mode

Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode.

Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM. But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced an additional dynamically allocated bounce buffer whose size is exactly the size of the transfer, leading to a buffer overrun in the fsl-cpm driver when that size is odd.

Add the missing length parity verification and remain in 8 bit mode when the length is not even.
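The mechanism described above, as an added illustration that is not the fsl-cpm driver's code and not part of the CVE record: a small C model of the word-width decision before and after the fix, with a bounce buffer sized exactly to the transfer (as the at25 spi-mem path allocates it) followed by a canary byte. The "large transfer" threshold, the function names and the canary layout are assumptions of this model; the only facts taken from the page are that a 16-bit engine moves whole 16-bit words and that an odd-length buffer of exact size is therefore overrun by one byte unless the driver stays in 8-bit mode.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Size above which the modelled driver prefers 16-bit words.
 * ASSUMPTION of this model: the real spi-fsl-cpm threshold is not on the page. */
#define LARGE_XFER_THRESHOLD 16

/* Maximum transfer length this model simulates (plus one canary byte). */
#define MODEL_MAX_LEN 64

/* Model of the pre-fix decision (commit fc96ec826bce as described on the page):
 * switch to 16-bit mode for any "large" transfer, without checking parity. */
static unsigned int word_bits_before_fix(size_t len)
{
    return (len > LARGE_XFER_THRESHOLD) ? 16 : 8;
}

/* Model of the fixed decision: 16-bit mode only when the length is even,
 * otherwise remain in 8-bit mode. */
static unsigned int word_bits_after_fix(size_t len)
{
    return (len > LARGE_XFER_THRESHOLD && (len % 2) == 0) ? 16 : 8;
}

/* Bytes a word-oriented engine actually moves for a request of `len` bytes:
 * the length rounded up to a whole number of `bits`-wide words. */
static size_t bytes_moved(size_t len, unsigned int bits)
{
    size_t word = bits / 8;
    return (len + word - 1) / word * word;
}

/* Bytes written past a bounce buffer of exactly `len` bytes under the given
 * width-selection policy; 0 means no overrun. */
static size_t overrun_bytes(size_t len, unsigned int (*pick)(size_t))
{
    size_t moved = bytes_moved(len, pick(len));
    return moved > len ? moved - len : 0;
}

/* Simulate the engine filling a bounce buffer of exactly `len` bytes in whole
 * words, with one canary byte placed immediately after the buffer.
 * Returns true if the canary was clobbered (the overrun the CVE describes). */
static bool canary_clobbered(size_t len, unsigned int (*pick)(size_t))
{
    uint8_t buf[MODEL_MAX_LEN + 2];
    const uint8_t canary = 0xA5;

    if (len == 0 || len > MODEL_MAX_LEN)
        return false;                 /* outside what this model covers */

    memset(buf, 0, sizeof buf);
    buf[len] = canary;                /* first byte past the "exact size" buffer */

    size_t word = pick(len) / 8;
    for (size_t off = 0; off < len; off += word) {
        /* A word-wide engine always writes the full word, even when only
         * one byte of it lies inside the requested length. */
        for (size_t k = 0; k < word; k++)
            buf[off + k] = 0xFF;
    }
    return buf[len] != canary;
}

int main(void)
{
    const size_t lens[] = { 5, 32, 33 };   /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t n = lens[i];
        printf("len=%zu: before fix -> %u-bit, overrun=%zu, canary hit=%d; "
               "after fix -> %u-bit, overrun=%zu, canary hit=%d\n",
               n,
               word_bits_before_fix(n), overrun_bytes(n, word_bits_before_fix),
               canary_clobbered(n, word_bits_before_fix),
               word_bits_after_fix(n), overrun_bytes(n, word_bits_after_fix),
               canary_clobbered(n, word_bits_after_fix));
    }
    return 0;
}
```

Running the model shows why the bug stayed hidden behind a PAGE_SIZE bounce buffer: the one-byte overrun only lands on something that matters once the buffer is allocated to the exact odd transfer size, and the parity check removes it by keeping such transfers in 8-bit mode.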

Threat Intelligence

EPSS Exploit Probability
6.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References (7)

  • git.kernel.org https://git.kernel.org/stable/c/1417927df8049a0194933861e9b098669a95c762
  • git.kernel.org https://git.kernel.org/stable/c/3dd6d01384823e1bd8602873153d6fc4337ac4fe
  • git.kernel.org https://git.kernel.org/stable/c/743cebcbd1b2609ec5057ab474979cef73d1b681
  • git.kernel.org https://git.kernel.org/stable/c/837a23a11e0f734f096c7c7b0778d0e625e3dc87
  • git.kernel.org https://git.kernel.org/stable/c/9c34a4a2ead00979d203a8c16bea87f0ef5291d8
  • git.kernel.org https://git.kernel.org/stable/c/be0b613198e6bfa104ad520397cab82ad3ec1771
  • git.kernel.org https://git.kernel.org/stable/c/c8f1d35076b78df61ace737e41cc1f4b7b63236c

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.