Unrated severity · NVD Advisory · Published Jan 13, 2026 · Updated Apr 15, 2026

CVE-2025-68777

Description

In the Linux kernel, the following vulnerability has been resolved:

Input: ti_am335x_tsc - fix off-by-one error in wire_order validation

The current validation 'wire_order[i] > ARRAY_SIZE(config_pins)' allows wire_order[i] to equal ARRAY_SIZE(config_pins), which causes out-of-bounds access when used as index in 'config_pins[wire_order[i]]'.

Since config_pins has 4 elements (indices 0-3), the valid range for wire_order should be 0-3. Fix the off-by-one error by using >= instead of > in the validation check.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An off-by-one error in ti_am335x_tsc driver wire_order validation allows out-of-bounds array access, potentially causing memory corruption.

Vulnerability Description

In the TI AM335x touchscreen controller (TSC) driver within the Linux kernel, an off-by-one error exists in the validation of the wire_order array. The check wire_order[i] > ARRAY_SIZE(config_pins) permits values equal to ARRAY_SIZE(config_pins) (which is 4) to pass validation. Since config_pins is a 4-element array (indices 0–3), a value of 4 leads to an out-of-bounds read/write when used as an index [1][2][3].

Exploitation and Attack Surface

The vulnerability can be triggered through specially crafted input that sets wire_order elements to invalid values (>=4). No special privileges are required beyond the ability to interact with the TSC device interface. The attack surface is local, and exploitation would typically require physical access or a malicious program running on the system.

Impact

An attacker could use this bug to read or write memory outside the config_pins array, potentially causing memory corruption, denial of service (kernel panic), or in some cases privilege escalation. The specific impact depends on system memory layout and the attacker's ability to control the out-of-bounds index [1][2][3].

Mitigation

The fix changes the comparison from > to >=, ensuring only indices 0–3 are accepted. The commit is merged in stable kernel trees. Users should apply the latest kernel updates containing this patch [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
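
The boundary case from the description, as an added userspace model (not the kernel driver's code): both comparisons are run over constructed wire_order arrays so the value 4 can be seen passing the old check and failing the new one. The function names and the config_pins values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed 4-entry stand-in for the driver's table; the values are made up. */
static const unsigned int config_pins[] = { 0x1, 0x2, 0x4, 0x8 };

/* Check as described before the fix: only values above 4 are rejected. */
static int wire_order_ok_before(const unsigned int *wire_order, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (wire_order[i] > ARRAY_SIZE(config_pins))
            return 0;
    return 1;
}

/* Check as described after the fix: only 0..3 are accepted. */
static int wire_order_ok_after(const unsigned int *wire_order, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (wire_order[i] >= ARRAY_SIZE(config_pins))
            return 0;
    return 1;
}

/* First slot whose value would index past config_pins, or -1 if none. */
static int first_oob_slot(const unsigned int *wire_order, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (wire_order[i] >= ARRAY_SIZE(config_pins))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed inputs: all valid, the boundary value 4, and a value above it. */
    const unsigned int cases[3][4] = { {0, 1, 2, 3}, {0, 1, 2, 4}, {5, 1, 2, 3} };

    for (size_t c = 0; c < 3; c++) {
        int slot = first_oob_slot(cases[c], 4);
        printf("case %zu: before=%d after=%d oob_slot=%d\n", c,
               wire_order_ok_before(cases[c], 4),
               wire_order_ok_after(cases[c], 4), slot);
        if (slot < 0) /* index the table only when every entry is in range */
            printf("  config_pins[wire_order[0]] = 0x%x\n", config_pins[cases[c][0]]);
    }
    return 0;
}
```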
