Unix Kernel Vulnerability in Samsung Clock Initialization
CVE-2025-39728

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 18 April 2025

What is CVE-2025-39728?

A vulnerability has been identified in the Linux kernel related to Samsung's clock initialization mechanism. The issue arises when the code attempts to dereference a pointer to clock data before properly initializing it, leading to a potential crash. This flaw can be triggered with the UBSAN_ARRAY_BOUNDS option enabled, causing the system to panic due to an attempt to access an array index that exceeds its bounds. Proper adjustments have been made in the code to ensure safe initialization and prevent such crashes.

Affected Version(s)

Linux e620a1e061c4738e26c3edf2abaae7842532cd80 < 00307934eb94aaa0a99addfb37b9fe206f945004

Linux e620a1e061c4738e26c3edf2abaae7842532cd80

Linux e620a1e061c4738e26c3edf2abaae7842532cd80 < 0fef48f4a70e45a93e73c39023c3a6ea624714d6

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
