CVE-2025-38286

Summary

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: at91: Fix possible out-of-boundary access

at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with that value as an index. Note, that BUG() can be compiled out and hence won't actually perform the required checks.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < 264a5cf0c422e65c94447a1ebebfac7c92690670affected
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < db5665cbfd766db7d8cd0e5fd6e3c0b412916774affected
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < 2ecafe59668d2506a68459a9d169ebe41a147a41affected
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < f1c1fdc41fbf7e308ced9c86f3f66345a3f6f478affected
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < eb435bc4c74acbb286cec773deac13d117d3ef39affected
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < e02e12d6a7ab76c83849a4122785650dc7edef65affected
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < 288c39286f759314ee8fb3a80a858179b4f306daaffected
LinuxLinux6732ae5cb47c4f9a72727585956f2a5e069d1637 < 762ef7d1e6eefad9896560bfcb9bcf7f1b6df9c1affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux5.4.295 <= 5.4.*unaffected
LinuxLinux5.10.239 <= 5.10.*unaffected
LinuxLinux5.15.186 <= 5.15.*unaffected
LinuxLinux6.1.142 <= 6.1.*unaffected
LinuxLinux6.6.94 <= 6.6.*unaffected
LinuxLinux6.12.34 <= 6.12.*unaffected
LinuxLinux6.15.3 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References