CVE-2025-39935
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded()
The sma1307->set.header_size is how many integers are in the header (there are 8 of them) but instead of allocating space of 8 integers we allocate 8 bytes. This leads to memory corruption when we copy data it on the next line:
memcpy(sma1307->set.header, data,
sma1307->set.header_size * sizeof(int));
Also since we're immediately copying over the memory in ->set.header, there is no need to zero it in the allocator. Use devm_kmalloc_array() to allocate the memory instead.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 576c57e6b4c1d734bcb7cc33dde9a99a9383b520 < cd59ca8f75dbb42a67fcae975c766114644e36c4 | affected |
| Linux | Linux | 576c57e6b4c1d734bcb7cc33dde9a99a9383b520 < 78338108b5a856dc98223a335f147846a8a18c51 | affected |
| Linux | Linux | 6.13 | affected |
| Linux | Linux | 0 < 6.13 | unaffected |
| Linux | Linux | 6.16.9 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/cd59ca8f75dbb42a67fcae975c766114644e36c4
- https://git.kernel.org/stable/c/78338108b5a856dc98223a335f147846a8a18c51
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.