CVE-2025-39728
MEDIUMLinux Kernel < 5.10.236 - Improper Array Index Validation
Title source: ruleDescription
In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP <snip> Call trace: samsung_clk_init+0x110/0x124 (P) samsung_clk_init+0x48/0x124 (L) samsung_cmu_register_one+0x3c/0xa0 exynos_arm64_register_cmu+0x54/0x64 __gs101_cmu_top_of_clk_init_declare+0x28/0x60 ...
References (10)
Scores
CVSS v3
5.5
EPSS
0.0011
EPSS Percentile
28.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-129
Status
published
Products (8)
linux/Kernel
5.11.0 - 5.15.180linux
linux/Kernel
5.16.0 - 6.1.134linux
linux/Kernel
5.5.0 - 5.10.236linux
linux/Kernel
6.13.0 - 6.13.11linux
linux/Kernel
6.14.0 - 6.14.2linux
linux/Kernel
6.2.0 - 6.6.87linux
linux/Kernel
6.7.0 - 6.12.23linux
linux/linux_kernel
5.5 - 5.10.236
Published
Apr 18, 2025
Tracked Since
Feb 18, 2026