CVE-2025-38081 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/254e04ec799c1ff8c1e2bd08a57c6a849895d6ff
https://git.kernel.org/stable/c/4a120221661fcecb253448d7b041a52d47f1d91f
https://git.kernel.org/stable/c/7a874e8b54ea21094f7fd2d428b164394c6cb316
https://git.kernel.org/stable/c/ace57bd1fb49d193edec5f6a1f255f48dd5fca90
https://lore.kernel.org/linux-cve-announce/2025061842-CVE-2025-38081-8916@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38081
https://www.cve.org/CVERecord?id=CVE-2025-38081

History

Fri, 20 Jun 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025061842-CVE-2025-38081-8916@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38081 https://www.cve.org/CVERecord?id=CVE-2025-38081
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 18 Jun 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense.
Title		spi-rockchip: Fix register out of bounds access
References		https://git.kernel.org/stable/c/254e04ec799c1ff8c1e2bd08a57c6a849895d6ff https://git.kernel.org/stable/c/4a120221661fcecb253448d7b041a52d47f1d91f https://git.kernel.org/stable/c/7a874e8b54ea21094f7fd2d428b164394c6cb316 https://git.kernel.org/stable/c/ace57bd1fb49d193edec5f6a1f255f48dd5fca90

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-06-18T09:33:54.564Z

Updated: 2025-07-15T15:43:57.474Z

Reserved: 2025-04-16T04:51:23.981Z

Link: CVE-2025-38081

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-06-18T10:15:41.767

Modified: 2025-06-18T13:46:52.973

Link: CVE-2025-38081

Redhat

Severity : Moderate

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2025-38081 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object