CVE-2025-68773
Description
In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-cpm: Check length parity before switching to 16 bit mode
Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM.
But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced an additional dynamically allocated bounce buffer whose size is exactly the size of the transfer, leading to a buffer overrun in the fsl-cpm driver when that size is odd.
Add the missing length parity verification and remain in 8 bit mode when the length is not even.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's spi-fsl-cpm driver, a missing length parity check before switching to 16-bit mode causes a buffer overrun when transfer size is odd, fixed by verifying even length.
The vulnerability exists in the Linux kernel's SPI driver for Freescale CPM. A prior commit introduced switching to 16-bit mode for large transfers but omitted a check that the transfer size is even. When an odd-sized transfer occurs, the driver incorrectly uses 16-bit mode, leading to a buffer overrun.
Exploitation requires an odd-length SPI transfer. Previously, this was hidden because a pre-allocated PAGE_SIZE bounce buffer (always even) was used for EEPROM reads. However, after the EEPROM driver (at25) switched to the spi-mem API, a dynamically allocated buffer exactly matching the transfer size is used, triggering the overrun on odd sizes.
An attacker could potentially exploit this buffer overrun to cause memory corruption or a system crash. The fix adds a length parity check, remaining in 8-bit mode when the size is odd, preventing the overrun.
The patch has been applied to the Linux kernel stable branches, and users should update to a patched kernel version.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.kernel.org/stable/c/1417927df8049a0194933861e9b098669a95c762nvd
- git.kernel.org/stable/c/3dd6d01384823e1bd8602873153d6fc4337ac4fenvd
- git.kernel.org/stable/c/743cebcbd1b2609ec5057ab474979cef73d1b681nvd
- git.kernel.org/stable/c/837a23a11e0f734f096c7c7b0778d0e625e3dc87nvd
- git.kernel.org/stable/c/9c34a4a2ead00979d203a8c16bea87f0ef5291d8nvd
- git.kernel.org/stable/c/be0b613198e6bfa104ad520397cab82ad3ec1771nvd
- git.kernel.org/stable/c/c8f1d35076b78df61ace737e41cc1f4b7b63236cnvd
News mentions
0No linked articles in our index yet.