The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce (spi: fsl-cpm: Use     16 bit mode for large transfers with even size) failed to make sure that the size is really even before     switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated     bounce buffer of size PAGE_SIZE for reading EEPROM. But commit 8ad6249c51d0 (eeprom: at25: convert to     spi-mem API) introduced an additional dynamically allocated bounce buffer whose size is exactly the size     of the transfer, leading to a buffer overrun in the fsl-cpm driver when that size is odd. Add the missing     length parity verification and remain in 8 bit mode when the length is not even. (CVE-2025-68773)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-68773

medium Nessus Plugin ID 283607

Version 1.8