CVE-2025-68773
Published: Jan 13, 2026
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM. But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced an additional dynamically allocated bounce buffer whose size is exactly the size of the transfer, leading to a buffer overrun in the fsl-cpm driver when that size is odd. Add the missing length parity verification and remain in 8 bit mode when the length is not even.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 60afe299bb541a928ba39bcb4ae8d3e428d1c5a5 - < c8f1d35076b78df61ace737e41cc1f4b7b63236caffected 4badd33929c05ed314794b95f1af1308f7222be8 - < 9c34a4a2ead00979d203a8c16bea87f0ef5291d8affected 7f6738e003b364783f3019fdf6e7645bc8dd1643 - < 837a23a11e0f734f096c7c7b0778d0e625e3dc87affected fc96ec826bced75cc6b9c07a4ac44bbf651337ab - < 3dd6d01384823e1bd8602873153d6fc4337ac4feaffected fc96ec826bced75cc6b9c07a4ac44bbf651337ab - < 743cebcbd1b2609ec5057ab474979cef73d1b681+15 more versions |
Linux | Linux | affected 6.4unaffected 0 - < 6.4unaffected 5.10.248 - <= 5.10.*unaffected 5.15.198 - <= 5.15.*unaffected 6.1.160 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now