Buffer Overflow in MediaTek MT8365 I2S Driver by Linux Vendor
CVE-2025-38662

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38662?

A buffer overflow vulnerability exists in the MediaTek MT8365 I2S driver within the Linux kernel. This vulnerability arises when incorrect size parameters are passed to the 'mt8365_dai_set_priv' function, which is responsible for memory allocation. The function allocates memory for 'priv_data' but uses an incorrect structure size, potentially leading to out-of-bounds memory access. This situation triggers a Kernel Address Sanitizer (KASAN) alert, indicating a serious flaw that could be exploited. It is crucial for users of the affected driver to apply the recommended patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Linux 402bbb13a195caa83b3279ebecdabfb11ddee084 < 1dc0ed16cfbc3c28a07a89904071cfa802fdcee1

Linux 402bbb13a195caa83b3279ebecdabfb11ddee084 < 6e621dd99c57db916842865debaa65f20bbd6d8e

Linux 402bbb13a195caa83b3279ebecdabfb11ddee084 < 6bea85979d05470e6416a2bb504a9bcd9178304c

Timeline

  • Vulnerability published

  • Vulnerability Reserved
