Buffer Overrun Vulnerability in Linux Kernel Serial Drivers from Renesas

CVE-2025-40222

What is CVE-2025-40222?

A vulnerability has been identified in the Linux kernel affecting the serial drivers used in Renesas devices. The issue arises due to improper handling of the RSCI FIFO overrun. Specifically, shared receive error handling between RSCI and other SCIF port types leads to an out-of-bounds memory access, where the overrun_reg is indexed incorrectly. This mismanagement can cause system warnings and instability. To mitigate this, it is crucial for developers to implement safer register handling methods, ensuring that index accesses remain within validated boundaries.

References