Out-of-Bounds Access Vulnerability in Linux Kernel Affecting NXP i.MX95

CVE-2025-38446

What is CVE-2025-38446?

An out-of-bounds access vulnerability has been identified in the Linux kernel in relation to the clk: imx subsystem. This flaw occurs during the execution of the __clk_register() function when processing the parent_names member, specifically under conditions where num_parents is set to 4. The vulnerability can lead to memory corruption, resulting in unauthorized access or manipulation of memory, making it a significant threat for systems utilizing NXP’s i.MX95 hardware. Mitigation strategies include updating the kernel to apply the necessary patches that rectify the out-of-bounds access by utilizing ARRAY_SIZE() instead of hardcoding specific values.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References