Out-of-Bounds Stack Access Vulnerability in the Linux Kernel's AMD SPI Driver
CVE-2025-40014

Currently unrated

Key Information:

Vendor
Linux
Status
Vendor
CVE Published: 18 April 2025

Summary

An out-of-bounds stack access vulnerability exists in the AMD SPI driver in the Linux kernel. When the amd_set_spi_freq() function is given a speed_hz value lower than the required AMD_SPI_MIN_HZ, it iterates beyond the bounds of the amd_spi_freq array. This could result in unsafe memory access and lead to system instability or exploitation. The vulnerability has been addressed by correcting the loop condition so that iteration can no longer exceed the array bounds.
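The bug class described above, as an added example that is not the kernel's code or the actual patch: a descending frequency table searched with a loop that can run one past the end, next to one way of bounding it. The table values, the names freq_table, pick_index_flawed, pick_index_fixed and select_reg_val, and the choice of "TABLE_LEN - 1" as the corrected condition are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed table, sorted fastest-first; NOT the driver's real values. */
struct freq_entry { uint32_t speed_hz; uint32_t reg_val; };
static const struct freq_entry freq_table[] = {
    { 100000000, 0 },
    {  50000000, 1 },
    {  16000000, 2 },
    {    800000, 3 },   /* hypothetical minimum supported rate */
};
#define TABLE_LEN (sizeof(freq_table) / sizeof(freq_table[0]))

/* Flawed pattern: the scan covers every entry, so a speed_hz below the
 * minimum never hits 'break' and the index ends at TABLE_LEN, one past the
 * last element. Using that index on the table is an out-of-bounds read. */
static size_t pick_index_flawed(uint32_t speed_hz)
{
    size_t i;
    for (i = 0; i < TABLE_LEN; i++)
        if (speed_hz >= freq_table[i].speed_hz)
            break;
    return i;
}

/* Bounded loop condition (assumed form of the correction): stop at the last
 * element so the slowest entry is the fallback and i < TABLE_LEN always. */
static size_t pick_index_fixed(uint32_t speed_hz)
{
    size_t i;
    for (i = 0; i < TABLE_LEN - 1; i++)
        if (speed_hz >= freq_table[i].speed_hz)
            break;
    return i;
}

/* Hypothetical caller: only ever indexes with the bounded result. */
static uint32_t select_reg_val(uint32_t speed_hz)
{
    return freq_table[pick_index_fixed(speed_hz)].reg_val;
}

int main(void)
{
    printf("flawed index for 100 Hz: %zu of %zu\n", pick_index_flawed(100), TABLE_LEN);
    printf("fixed reg_val for 100 Hz: %u\n", (unsigned)select_reg_val(100));
    return 0;
}
```

The flawed function only returns the index and never dereferences it, so the demonstration itself stays within bounds.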

Affected Version(s)

Linux 3fe26121dc3a9bf64e18fe0075cd9a92c9cd1b1a < 7f2c746e09a3746bf937bc708129dc8af61d8f19

Linux 3fe26121dc3a9bf64e18fe0075cd9a92c9cd1b1a < 76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc

Linux 6.1

Timeline

  • Vulnerability published

  • Vulnerability Reserved
