CVE-2025-39728

clk: samsung: Fix UBSAN panic in samsung_clk_init()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to
dereferencing `ctx->clk_data.hws` before setting
`ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP <snip> Call trace: samsung_clk_init+0x110/0x124 (P) samsung_clk_init+0x48/0x124 (L) samsung_cmu_register_one+0x3c/0xa0 exynos_arm64_register_cmu+0x54/0x64 __gs101_cmu_top_of_clk_init_declare+0x28/0x60 ...

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: samsung: Corregir el pánico de UBSAN en samsung_clk_init(). Con UBSAN_ARRAY_BOUNDS=y, se produce el pánico indicado debido a la desreferencia de `ctx->clk_data.hws` antes de configurar `ctx->clk_data.num = nr_clks`. Corregir esta vulnerabilidad para corregir el fallo. UBSAN: índice de matriz fuera de los límites: 00000000f2005512 [#1] PREEMPT SMP Rastreo de llamadas: samsung_clk_init+0x110/0x124 (P) samsung_clk_init+0x48/0x124 (L) samsung_cmu_register_one+0x3c/0xa0 exynos_arm64_register_cmu+0x54/0x64 __gs101_cmu_top_of_clk_init_declare+0x28/0x60 ...

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP <snip> Call trace: samsung_clk_init+0x110/0x124 (P) samsung_clk_init+0x48/0x124 (L) samsung_cmu_register_one+0x3c/0xa0 exynos_arm64_register_cmu+0x54/0x64 __gs101_cmu_top_of_clk_init_declare+0x28/0x60 ...

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-04-18 CVE Published
2025-05-26 CVE Updated
2025-08-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/e620a1e061c4738e26c3edf2abaae7842532cd80	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/00307934eb94aaa0a99addfb37b9fe206f945004	2025-04-10
https://git.kernel.org/stable/c/d974e177369c034984cece9d7d4fada9f8b9c740	2025-04-10
https://git.kernel.org/stable/c/0fef48f4a70e45a93e73c39023c3a6ea624714d6	2025-04-10
https://git.kernel.org/stable/c/4d29a6dcb51e346595a15b49693eeb728925ca43	2025-04-10
https://git.kernel.org/stable/c/24307866e0ac0a5ddb462e766ceda5e27a6fbbe3	2025-04-10
https://git.kernel.org/stable/c/a1500b98cd81a32fdfb9bc63c33bb9f0c2a0a1bf	2025-04-10
https://git.kernel.org/stable/c/157de9e48007a20c65d02fc0229a16f38134a72d	2025-04-10
https://git.kernel.org/stable/c/d19d7345a7bcdb083b65568a11b11adffe0687af	2025-02-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.236 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.236"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.15.180 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.15.180"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.1.134 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.1.134"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.6.87 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.6.87"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.12.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.12.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.13.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.13.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.14.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.14.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.15"		en		Affected