CVE-2025-38081

HIGH

Linux Kernel 5.14-6.14.8 - Out-of-bounds Read in SPI Rockchip Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/4a120221661fcecb253448d7b041a52d47f1d91f

Patch

https://git.kernel.org/stable/c/ace57bd1fb49d193edec5f6a1f255f48dd5fca90

Patch

https://git.kernel.org/stable/c/254e04ec799c1ff8c1e2bd08a57c6a849895d6ff

Patch

https://git.kernel.org/stable/c/7a874e8b54ea21094f7fd2d428b164394c6cb316

Scores

CVSS v3 7.1

EPSS 0.0015

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (14)

linux/Kernel 5.14.0 - 6.6.93linux

linux/Kernel 6.13.0 - 6.14.9linux

linux/Kernel 6.7.0 - 6.12.31linux

Linux/Linux < 5.14

Linux/Linux 5.14

Linux/Linux 6.12.31 - 6.12.*

Linux/Linux 6.14.9 - 6.14.*

Linux/Linux 6.15

Linux/Linux 6.6.93 - 6.6.*

Linux/Linux 736b81e075172f1e6cd7a8bc1a1374a2dee9e4dc - 254e04ec799c1ff8c1e2bd08a57c6a849895d6ff

... and 4 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026