CVE-2025-38573

medium

Description

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory.

References

https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667

https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625

https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f

https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6

Details

Source: Mitre, NVD

Published: 2025-08-19

Updated: 2025-08-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018