CVE-2025-40014

objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the
entire amd_spi_freq array without breaking out early, causing 'i' to go
beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low
speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: objtool, spi: amd: Se corrige el acceso a la pila fuera de los límites en amd_set_spi_freq(). Si speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() itera sobre toda la matriz amd_spi_freq sin interrumpir la ejecución antes de tiempo, lo que provoca que 'i' supere los límites de la matriz. Para solucionar esto, se detiene el bucle al llegar a la última entrada, de modo que el valor bajo de speed_hz se limite a AMD_SPI_MIN_HZ. Se corrige la siguiente advertencia con un kernel UBSAN: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falla a la siguiente función amd_spi_set_opcode().

In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-04-18 CVE Published
2025-04-30 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/3fe26121dc3a9bf64e18fe0075cd9a92c9cd1b1a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7f2c746e09a3746bf937bc708129dc8af61d8f19	2025-04-10
https://git.kernel.org/stable/c/76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc	2025-03-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.14.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.14.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.15-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.15-rc1"		en		Affected