CVE-2025-68773
Description
In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-cpm: Check length parity before switching to 16 bit mode
Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM.
But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced an additional dynamically allocated bounce buffer whose size is exactly the size of the transfer, leading to a buffer overrun in the fsl-cpm driver when that size is odd.
Add the missing length parity verification and remain in 8 bit mode when the length is not even.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
74- osv-coords73 versionspkg:linux/kernelpkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 5.10.248+ 72 more
- (no CPE)range: < 5.10.248
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1.160000.2.7
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.20.27.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.53.31.1.150700.17.21.1
- (no CPE)range: < 6.12.0-160000.26.1.160000.2.7
- (no CPE)range: < 6.12.0-160000.26.1.160000.2.7
- (no CPE)range: < 6.4.0-39.1.21.16
- (no CPE)range: < 6.4.0-39.1.21.16
- (no CPE)range: < 6.12.0-160000.26.1.160000.2.7
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.4.0-39.1
- (no CPE)range: < 6.4.0-39.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-39.1
- (no CPE)range: < 6.4.0-39.1
- (no CPE)range: < 1-150700.1.3.2
- (no CPE)range: < 1-150700.15.3.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-40.1
- (no CPE)range: < 6.4.0-40.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.7.31.2
- (no CPE)range: < 6.4.0-150700.20.27.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-39.1
- (no CPE)range: < 6.4.0-39.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-40.1
- (no CPE)range: < 6.4.0-40.1
- (no CPE)range: < 6.4.0-150700.7.31.1
- (no CPE)range: < 6.4.0-150700.20.27.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.4.0-150700.7.31.1
- (no CPE)range: < 6.4.0-150700.53.31.1
- (no CPE)range: < 6.12.0-160000.26.1
- (no CPE)range: < 6.12.0-160000.26.1
Patches
Vulnerability mechanics
References
7- git.kernel.org/stable/c/1417927df8049a0194933861e9b098669a95c762nvd
- git.kernel.org/stable/c/3dd6d01384823e1bd8602873153d6fc4337ac4fenvd
- git.kernel.org/stable/c/743cebcbd1b2609ec5057ab474979cef73d1b681nvd
- git.kernel.org/stable/c/837a23a11e0f734f096c7c7b0778d0e625e3dc87nvd
- git.kernel.org/stable/c/9c34a4a2ead00979d203a8c16bea87f0ef5291d8nvd
- git.kernel.org/stable/c/be0b613198e6bfa104ad520397cab82ad3ec1771nvd
- git.kernel.org/stable/c/c8f1d35076b78df61ace737e41cc1f4b7b63236cnvd
News mentions
0No linked articles in our index yet.