Out-of-Bounds Memory Read in Linux Kernel Affecting Firmware Components
CVE-2025-38330
What is CVE-2025-38330?
A vulnerability was identified in the Linux kernel that leads to an out-of-bounds memory read in the firmware component related to cs_dsp. This issue arises from improper length allocations during operations in the KUnit test framework, resulting in inconsistencies between expected and actual memory access sizes. Specifically, the code mistakenly alters the mock_coeff_template.length_bytes during register value allocations from 4 bytes to 8 bytes, which has been shown to generate failures in the testing process. The vulnerability is mitigated by reverting to the original length of 4 bytes for all operations, effectively ensuring memory safety and stability within the affected firmware components.
Affected Version(s)
Linux 9b33a4fc500cedc1adc9c0ee01e30ffd50e5887a
Linux 9b33a4fc500cedc1adc9c0ee01e30ffd50e5887a
Linux 6.14