Detections
Analytics

CVE-2025-68773

medium

Description

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM. But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced an additional dynamically allocated bounce buffer whose size is exactly the size of the transfer, leading to a buffer overrun in the fsl-cpm driver when that size is odd. Add the missing length parity verification and remain in 8 bit mode when the length is not even.

References

https://git.kernel.org/stable/c/be0b613198e6bfa104ad520397cab82ad3ec1771

https://git.kernel.org/stable/c/837a23a11e0f734f096c7c7b0778d0e625e3dc87

https://git.kernel.org/stable/c/743cebcbd1b2609ec5057ab474979cef73d1b681

https://git.kernel.org/stable/c/3dd6d01384823e1bd8602873153d6fc4337ac4fe

https://git.kernel.org/stable/c/1417927df8049a0194933861e9b098669a95c762

Details

Source: Mitre, NVD

Published: 2026-01-13

Updated: 2026-01-14

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018