CVE-2025-39935

Published: Oct 4, 2025Modified: Mar 25, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() The sma1307->set.header_size is how many integers are in the header (there are 8 of them) but instead of allocating space of 8 integers we allocate 8 bytes. This leads to memory corruption when we copy data it on the next line: memcpy(sma1307->set.header, data, sma1307->set.header_size * sizeof(int)); Also since we're immediately copying over the memory in ->set.header, there is no need to zero it in the allocator. Use devm_kmalloc_array() to allocate the memory instead.

Affected (7)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.13 to 6.16.9
Linux Linux Kernel	Version 6.17 rc1
Linux Linux Kernel	Version 6.17 rc2
Linux Linux Kernel	Version 6.17 rc3
Linux Linux Kernel	Version 6.17 rc4
Linux Linux Kernel	Version 6.17 rc5
Linux Linux Kernel	Version 6.17 rc6

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://git.kernel.org/stable/c/78338108b5a856dc98223a335f147846a8a18c51

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/cd59ca8f75dbb42a67fcae975c766114644e36c4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.