Out-of-Bounds Access Vulnerability in Linux Kernel Affecting NXP i.MX95
CVE-2025-38446
What is CVE-2025-38446?
An out-of-bounds access vulnerability has been identified in the clk: imx subsystem of the Linux kernel. The flaw occurs when the __clk_register() function processes the parent_names member while num_parents is set to 4. The vulnerability can lead to memory corruption, resulting in unauthorized access to or manipulation of memory, which makes it a significant threat for systems using NXP’s i.MX95 hardware. To mitigate it, update to a kernel that includes the patch, which fixes the out-of-bounds access by using ARRAY_SIZE() instead of hardcoded values.
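The pattern behind this fix, as an added user-space C example that is not the kernel's own code: the descriptor type, array name and helper functions are hypothetical, and the two-entry parent list is constructed sample data. It contrasts a hardcoded num_parents of 4 with a count derived through ARRAY_SIZE().

```c
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical clock descriptor: a parent-name table plus its declared length. */
struct clk_desc {
    const char *const *parent_names;
    unsigned int num_parents;
};

/* Constructed sample data: this clock really has only two parents. */
static const char *const demo_parents[] = { "pll_a", "pll_b" };

/* Before: the count is hardcoded and disagrees with the array it describes. */
static const struct clk_desc desc_hardcoded = { demo_parents, 4 };

/* After: the count is derived from the array, so the two cannot drift apart. */
static const struct clk_desc desc_fixed = { demo_parents, ARRAY_SIZE(demo_parents) };

/* Stand-in for a registration step that trusts num_parents and walks
 * parent_names[0 .. num_parents). Returns the total length of the names read. */
static size_t walk_parent_names(const struct clk_desc *d)
{
    size_t total = 0;
    for (unsigned int i = 0; i < d->num_parents; i++)
        total += strlen(d->parent_names[i]);
    return total;
}

/* How many entries such a walk would read past a table of 'actual' entries. */
static unsigned int overrun_entries(const struct clk_desc *d, size_t actual)
{
    return d->num_parents > actual ? (unsigned int)(d->num_parents - actual) : 0u;
}

int main(void)
{
    size_t actual = ARRAY_SIZE(demo_parents);

    /* The hardcoded descriptor is only inspected, never walked: walking it
     * would dereference two pointers beyond the end of demo_parents. */
    printf("hardcoded: %u entries past the end\n", overrun_entries(&desc_hardcoded, actual));
    printf("fixed:     %u entries past the end\n", overrun_entries(&desc_fixed, actual));
    printf("fixed walk read %zu bytes of names\n", walk_parent_names(&desc_fixed));
    return 0;
}
```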
Affected Version(s)
Linux 5224b189462ff70df328f173b71acfd925092c3c