CVE-2025-68773
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-01-19
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's fsl-cpm SPI driver. The driver switches to 16-bit mode for SPI transfers on the assumption that the transfer size is even, but it does not verify that the size is actually even. A recent change introduced a dynamically allocated bounce buffer sized exactly to the transfer length, which can be odd. When the length is odd, the 16-bit transfer overruns that buffer. The fix adds a check that the length is even before switching to 16-bit mode; otherwise the driver stays in 8-bit mode.
How can this vulnerability impact me?
This vulnerability can cause a buffer overrun in the fsl-cpm SPI driver when it handles SPI transfers of odd length. Buffer overruns can lead to memory corruption, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges depending on the context in which the driver is used.
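The length-parity problem described above can be reproduced in a small user-space model. This is an added example, not the kernel driver's code: the function names, the guard bytes and the word-at-a-time store loop are assumptions chosen to mirror the description (bounce buffer sized exactly to the transfer length, 16-bit mode chosen with and without the parity check).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xA5 /* constructed canary value placed after the buffer */

/* Mode choice as the page describes it before the fix: 16-bit, no parity check. */
unsigned mode_unchecked(size_t len) { (void)len; return 16; }

/* Mode choice after the fix: 16-bit only for even lengths, else 8-bit. */
unsigned mode_checked(size_t len) { return (len % 2 == 0) ? 16 : 8; }

/*
 * Model a receive into a bounce buffer of exactly len bytes, stored one
 * word (bits/8 bytes) at a time. Two guard bytes follow the buffer so the
 * model itself never writes outside its allocation. Returns how many guard
 * bytes were overwritten, i.e. the overrun in bytes.
 */
size_t rx_overrun(size_t len, unsigned bits)
{
    size_t word = bits / 8, clobbered = 0;
    uint8_t *region = malloc(len + 2);

    if (!region)
        return (size_t)-1;
    memset(region, 0x00, len);
    memset(region + len, GUARD, 2);
    for (size_t off = 0; off < len; off += word)
        memset(region + off, 0xFF, word); /* one whole word per store */
    for (size_t i = 0; i < 2; i++)
        clobbered += (region[len + i] != GUARD);
    free(region);
    return clobbered;
}

int main(void)
{
    for (size_t len = 3; len <= 6; len++) /* constructed sample lengths */
        printf("len=%zu  no check: %zu byte(s) past end  with check: %zu\n",
               len, rx_overrun(len, mode_unchecked(len)),
               rx_overrun(len, mode_checked(len)));
    return 0;
}
```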
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the fsl-cpm SPI driver, which adds length parity verification before switching to 16-bit mode. This prevents buffer overruns caused by odd-sized transfers. Until the update is applied, avoid using SPI transfers with odd sizes on affected hardware.