CVE-2025-39728

MEDIUM

Linux Kernel 5.5-6.14.2 - Out-of-Bounds Array Indexing in Samsung Clock Initialization

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP <snip> Call trace: samsung_clk_init+0x110/0x124 (P) samsung_clk_init+0x48/0x124 (L) samsung_cmu_register_one+0x3c/0xa0 exynos_arm64_register_cmu+0x54/0x64 __gs101_cmu_top_of_clk_init_declare+0x28/0x60 ...

References (10)

Core 10
Core References

Scores

CVSS v3 5.5
EPSS 0.0021
EPSS Percentile 10.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-129
Status published
Products (26)
linux/Kernel 5.11.0 - 5.15.180linux
linux/Kernel 5.16.0 - 6.1.134linux
linux/Kernel 5.5.0 - 5.10.236linux
linux/Kernel 6.13.0 - 6.13.11linux
linux/Kernel 6.14.0 - 6.14.2linux
linux/Kernel 6.2.0 - 6.6.87linux
linux/Kernel 6.7.0 - 6.12.23linux
Linux/Linux < 5.5
Linux/Linux 5.10.236 - 5.10.*
Linux/Linux 5.15.180 - 5.15.*
... and 16 more
Published Apr 18, 2025
Tracked Since Feb 18, 2026