Out-of-Bounds Access Vulnerability in Linux Kernel for Samsung Exynos CLK

CVE-2025-71143

What is CVE-2025-71143?

A vulnerability exists in the Linux kernel relating to the Samsung Exynos CLK subsystem. Specifically, an incorrect initialization order for the '.num' member of the 'struct clk_hw_onecell_data' can lead to out-of-bounds access of the '.hws[]' array. This issue arises when the number of elements is not set before the array is accessed, causing a potential safety violation as indicated by the Unix Bounds Sanitizer (UBSAN). To rectify the issue, it is essential to properly initialize '.num' before any access to '.hws[]' to prevent such warnings and enhance overall system stability.

References