CVE-2025-39935

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded()

The sma1307->set.header_size is how many integers are in the header (there are 8 of them) but instead of allocating space of 8 integers we allocate 8 bytes. This leads to memory corruption when we copy data it on the next line:

    memcpy(sma1307->set.header, data,
           sma1307->set.header_size * sizeof(int));

Also since we're immediately copying over the memory in ->set.header, there is no need to zero it in the allocator. Use devm_kmalloc_array() to allocate the memory instead.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux576c57e6b4c1d734bcb7cc33dde9a99a9383b520 < cd59ca8f75dbb42a67fcae975c766114644e36c4affected
LinuxLinux576c57e6b4c1d734bcb7cc33dde9a99a9383b520 < 78338108b5a856dc98223a335f147846a8a18c51affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.16.9 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References