CVE-2025-38446

Description

In the Linux kernel, the following vulnerability has been resolved: clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data When num_parents is 4, __clk_register() occurs an out-of-bounds when accessing parent_names member. Use ARRAY_SIZE() instead of hardcode number here. BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8 Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59 Hardware name: NXP i.MX95 19X19 board (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x8c/0xcc print_report+0x398/0x5fc kasan_report+0xd4/0x114 __asan_report_load8_noabort+0x20/0x2c __clk_register+0x1844/0x20d8 clk_hw_register+0x44/0x110 __clk_hw_register_mux+0x284/0x3a8 imx95_bc_probe+0x4f4/0xa70

Reserved 2025-04-16 | Published 2025-07-25 | Updated 2025-07-25 | Assigner Linux

Product status

Default status
unaffected

5224b189462ff70df328f173b71acfd925092c3c before fcee75daecc5234ee3482d8cf3518bf021d8a0a5
affected

5224b189462ff70df328f173b71acfd925092c3c before a956daad67cec454ee985e103e167711fab5b9b8
affected

5224b189462ff70df328f173b71acfd925092c3c before aacc875a448d363332b9df0621dde6d3a225ea9f
affected

Default status
affected

6.10
affected

Any version before 6.10
unaffected

6.12.39
unaffected

6.15.7
unaffected

6.16-rc6
unaffected

References

git.kernel.org/...c/fcee75daecc5234ee3482d8cf3518bf021d8a0a5

git.kernel.org/...c/a956daad67cec454ee985e103e167711fab5b9b8

git.kernel.org/...c/aacc875a448d363332b9df0621dde6d3a225ea9f

cve.org (CVE-2025-38446)

nvd.nist.gov (CVE-2025-38446)

Download JSON