THREATINT
PUBLISHED

CVE-2025-37832

cpufreq: sun50i: prevent out-of-bounds access



Description

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: sun50i: prevent out-of-bounds access

A KASAN-enabled kernel reports an out-of-bounds access when handling the nvmem cell in the sun50i cpufreq driver:

==================================================================
BUG: KASAN: slab-out-of-bounds in sun50i_cpufreq_nvmem_probe+0x180/0x3d4
Read of size 4 at addr ffff000006bf31e0 by task kworker/u16:1/38

This is because the DT specifies the nvmem cell as covering only two bytes, but we use a u32 pointer to read the value. DTs for other SoCs indeed specify 4 bytes, so we cannot just shorten the variable to a u16.

Fortunately nvmem_cell_read() can return the length of the nvmem cell, in bytes, so we can use that information to only access the valid portion of the data.

To cover multiple cell sizes, use memcpy() to copy the information into a zeroed u32 buffer, then also make sure we always read the data in little endian fashion, as this is how the data is stored in the SID efuses.
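The fix described above, as an added userspace C sketch (not the kernel patch and not code from this page): `mock_cell_read()`, `cell_to_u32()` and `read_efuse()` are hypothetical names, the cell bytes are constructed, and rejecting cells longer than 4 bytes is an assumption of the sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for nvmem_cell_read(): heap buffer of exactly
 * cell_len bytes, with the length reported through *len. */
static uint8_t *mock_cell_read(const uint8_t *src, size_t cell_len, size_t *len)
{
    uint8_t *buf = malloc(cell_len);
    if (!buf)
        return NULL;
    memcpy(buf, src, cell_len);
    *len = cell_len;
    return buf;
}

/* Copy only the len valid bytes into a zeroed 4-byte buffer, then decode it
 * as little endian. Rejecting len > 4 is this sketch's own choice. */
static int cell_to_u32(const uint8_t *cell, size_t len, uint32_t *out)
{
    uint8_t tmp[4] = {0};
    if (!cell || len == 0 || len > sizeof(tmp))
        return -1;
    memcpy(tmp, cell, len);
    *out = (uint32_t)tmp[0] | (uint32_t)tmp[1] << 8 |
           (uint32_t)tmp[2] << 16 | (uint32_t)tmp[3] << 24;
    return 0;
}

/* Read a constructed cell of cell_len bytes and convert it. */
static int read_efuse(const uint8_t *src, size_t cell_len, uint32_t *out)
{
    size_t len = 0;
    uint8_t *cell = mock_cell_read(src, cell_len, &len);
    int ret = cell_to_u32(cell, len, out);
    free(cell);
    return ret;
}

int main(void)
{
    const uint8_t two[] = {0x34, 0x12};   /* constructed 2-byte cell */
    uint32_t v = 0;
    if (read_efuse(two, sizeof(two), &v) == 0)
        printf("efuse value: 0x%08x\n", (unsigned)v);
    return 0;
}
```

Casting the 2-byte buffer to a 32-bit pointer and dereferencing it is the read KASAN flagged; here the copy is bounded by the reported length, so the upper bytes stay zero.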

Reserved 2025-04-16 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Linux

Product status

Default status: unaffected

6cc4bcceff9af0e6be9738096d95e4ba75e75123 before 40bf7f560ca4c2468d518cebf14561bc864f58f8: affected
6cc4bcceff9af0e6be9738096d95e4ba75e75123 before dba5a1f963cf781c0b60f4b7f07465a6c687c27e: affected
6cc4bcceff9af0e6be9738096d95e4ba75e75123 before 14c8a418159e541d70dbf8fc71225d1623beaf0f: affected

Default status: affected

6.10: affected
Any version before 6.10: unaffected
6.12.26: unaffected
6.14.5: unaffected
6.15-rc4: unaffected

References

git.kernel.org/...c/40bf7f560ca4c2468d518cebf14561bc864f58f8

git.kernel.org/...c/dba5a1f963cf781c0b60f4b7f07465a6c687c27e

git.kernel.org/...c/14c8a418159e541d70dbf8fc71225d1623beaf0f

cve.org (CVE-2025-37832)

nvd.nist.gov (CVE-2025-37832)
