CVE-2025-38573
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-19

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-19
Last Modified
2025-11-26
Generated
2026-05-06
AI Q&A
2025-08-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38573
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-Other
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's spi: cs42l43 driver where a property entry array is not properly null-terminated. Because the software node does not specify how many property entries exist, the array must end with a null entry. If it is not null-terminated, the downstream cs35l56 amplifier driver may read beyond the array into unknown memory, causing a fault.


How can this vulnerability impact me? :

The impact of this vulnerability is that it can cause a fault or crash in the cs35l56 amplifier driver due to reading memory beyond the intended array. This could lead to system instability or unexpected behavior in audio-related functions relying on this driver.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart