CVE-2025-38573

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6	Patch
https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f	Patch
https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625	Patch
https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

26 Nov 2025, 19:59

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6 -~~	() https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6 - Patch
References	~~() https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f -~~	() https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f - Patch
References	~~() https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625 -~~	() https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625 - Patch
References	~~() https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667 -~~	() https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667 - Patch
CWE		NVD-CWE-Other
First Time		Linux linux Kernel Linux

Information

Published : 2025-08-19 17:15

Updated : 2025-11-26 19:59

NVD link : CVE-2025-38573

Mitre link : CVE-2025-38573

CVE.ORG link : CVE-2025-38573

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

{"id": "CVE-2025-38573", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-08-19T17:15:34.283", "references": [{"url": "https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cs42l43: Property entry should be a null-terminated array\n\nThe software node does not specify a count of property entries, so the\narray must be null-terminated.\n\nWhen unterminated, this can lead to a fault in the downstream cs35l56\namplifier driver, because the node parse walks off the end of the\narray into unknown memory."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: cs42l43: La entrada de propiedad debe ser una matriz con terminaci\u00f3n nula. El nodo de software no especifica un n\u00famero de entradas de propiedad, por lo que la matriz debe terminar en nulo. Si no est\u00e1 terminada, esto puede provocar un fallo en el controlador del amplificador cs35l56, ya que el an\u00e1lisis del nodo se desv\u00eda del final de la matriz hacia una memoria desconocida."}], "lastModified": "2025-11-26T19:59:58.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8763925-0DBB-4581-B7CC-71A26867D63E", "versionEndExcluding": "6.12.42", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5890C690-B295-40C2-9121-FF5F987E5142", "versionEndExcluding": "6.15.10", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58182352-D7DF-4CC9-841E-03C1D852C3FB", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}