Memory Corruption in SMA1307 Codec in Linux Kernel
CVE-2025-39935

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 October 2025

What is CVE-2025-39935?

A memory corruption vulnerability exists in the SMA1307 codec within the Linux kernel, stemming from improper memory allocation. Specifically, while the size of the header comprising eight integers necessitates a memory allocation for eight integers, an incorrect allocation of only eight bytes leads to corruption during data copy operations. This flaw can be exploited when the memory in the 'set.header' buffer is filled without prior proper allocation, creating potential instability and security risks in affected systems. It is recommended to utilize 'devm_kmalloc_array()' to ensure correct memory allocation, thus mitigating the issue effectively.

Affected Version(s)

Linux 576c57e6b4c1d734bcb7cc33dde9a99a9383b520

Linux 576c57e6b4c1d734bcb7cc33dde9a99a9383b520 < 78338108b5a856dc98223a335f147846a8a18c51

Linux 6.13

References

https://git.kernel.org/stable/c/cd59ca8f75dbb42a67fcae975...

https://git.kernel.org/stable/c/78338108b5a856dc98223a335...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON