CVE-2025-38573

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: cs42l43: Property entry should be a null-terminated array

The software node does not specify a count of property entries, so the array must be null-terminated.

When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0ca645ab5b1528666f6662a0e620140355b5aea3 < 674328102baad76c7a06628efc01974ece5ae27faffected
LinuxLinux0ca645ab5b1528666f6662a0e620140355b5aea3 < 9f0035ae38d2571f5ddedc829d74492013caa625affected
LinuxLinux0ca645ab5b1528666f6662a0e620140355b5aea3 < 139b5df757a0aa436f763b0038e0b73808d2f4b6affected
LinuxLinux0ca645ab5b1528666f6662a0e620140355b5aea3 < ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.12.42 <= 6.12.*unaffected
LinuxLinux6.15.10 <= 6.15.*unaffected
LinuxLinux6.16.1 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References