Out of Bounds Access Vulnerability in Linux Kernel's SPI-Rockchip Driver
CVE-2025-38081

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38081?

An out of bounds access vulnerability was identified in the SPI-Rockchip driver within the Linux kernel. This issue arises when handling GPIO chip selects, as the driver does not account for the possibility that GPIO numbers could exceed the range of native chip select lines. As a result, improper handling may lead to unintended consequences, including potential system instability or malfunction. It is essential to implement corrections to ensure that the driver properly manages GPIO identifiers and prevents out of bounds access.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4a120221661fcecb253448d7b041a52d47f1d91f

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 254e04ec799c1ff8c1e2bd08a57c6a849895d6ff

References

https://git.kernel.org/stable/c/4a120221661fcecb253448d7b...

https://git.kernel.org/stable/c/ace57bd1fb49d193edec5f6a1...

https://git.kernel.org/stable/c/254e04ec799c1ff8c1e2bd08a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025