Out-of-Bounds Memory Access in Linux Kernel by Vendor
CVE-2025-38340

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-38340?

A vulnerability in the Linux kernel firmware related to the 'cs_dsp' component has been identified, which allows for out-of-bounds memory read access during KUnit tests. This issue arises when the length of the source string used in the function 'cs_dsp_mock_bin_add_name_or_info()' is improperly rounded, leading to potential security risks. The Kernel Address Sanitizer (KASAN) has flagged this problem, highlighting the importance of addressing such memory management concerns to ensure system stability and integrity.

Affected Version(s)

Linux 7c052c6615297ff32032105130cd5f02059f7ae4 < 8f4cc454a0bb45b800bc7817c09c8f72e31901f3

Linux 7c052c6615297ff32032105130cd5f02059f7ae4

Linux 6.14

References

https://git.kernel.org/stable/c/8f4cc454a0bb45b800bc7817c...

https://git.kernel.org/stable/c/fe6446215bfad11cf3b446f38...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Apr 16, 2025