{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68773", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:30:51.035Z", "datePublished": "2026-01-13T15:28:50.686Z", "dateUpdated": "2026-01-13T15:28:50.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-01-13T15:28:50.686Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-cpm: Check length parity before switching to 16 bit mode\n\nCommit fc96ec826bce (\"spi: fsl-cpm: Use 16 bit mode for large transfers\nwith even size\") failed to make sure that the size is really even\nbefore switching to 16 bit mode. Until recently the problem went\nunnoticed because kernfs uses a pre-allocated bounce buffer of size\nPAGE_SIZE for reading EEPROM.\n\nBut commit 8ad6249c51d0 (\"eeprom: at25: convert to spi-mem API\")\nintroduced an additional dynamically allocated bounce buffer whose size\nis exactly the size of the transfer, leading to a buffer overrun in\nthe fsl-cpm driver when that size is odd.\n\nAdd the missing length parity verification and remain in 8 bit mode\nwhen the length is not even."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-fsl-spi.c"], "versions": [{"version": "7f6738e003b364783f3019fdf6e7645bc8dd1643", "lessThan": "837a23a11e0f734f096c7c7b0778d0e625e3dc87", "status": "affected", "versionType": "git"}, {"version": "fc96ec826bced75cc6b9c07a4ac44bbf651337ab", "lessThan": "3dd6d01384823e1bd8602873153d6fc4337ac4fe", "status": "affected", "versionType": "git"}, {"version": "fc96ec826bced75cc6b9c07a4ac44bbf651337ab", "lessThan": "743cebcbd1b2609ec5057ab474979cef73d1b681", "status": "affected", "versionType": "git"}, {"version": "fc96ec826bced75cc6b9c07a4ac44bbf651337ab", "lessThan": "be0b613198e6bfa104ad520397cab82ad3ec1771", "status": "affected", "versionType": "git"}, {"version": "fc96ec826bced75cc6b9c07a4ac44bbf651337ab", "lessThan": "1417927df8049a0194933861e9b098669a95c762", "status": "affected", "versionType": "git"}, {"version": "42c04316d9275ec267d36e5e9064cd56c9884148", "status": "affected", "versionType": "git"}, {"version": "dc120f2d35b030390a2bc0f94dd5f37e900cae91", "status": "affected", "versionType": "git"}, {"version": "b558275c1b040f0e5aa56c862241f9212b6118c3", "status": "affected", "versionType": "git"}, {"version": "60afe299bb541a928ba39bcb4ae8d3e428d1c5a5", "status": "affected", "versionType": "git"}, {"version": "4badd33929c05ed314794b95f1af1308f7222be8", "status": "affected", "versionType": "git"}, {"version": "b9d9e8856f1c83e4277403f9b4c369b322ebcb12", "status": "affected", "versionType": "git"}, {"version": "36a6d0f66c874666caf4e8be155b1be30f6231be", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-fsl-spi.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.160", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.120", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.64", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.29", "versionEndExcluding": "6.1.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.19-rc2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.316"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.244"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.181"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.114"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/837a23a11e0f734f096c7c7b0778d0e625e3dc87"}, {"url": "https://git.kernel.org/stable/c/3dd6d01384823e1bd8602873153d6fc4337ac4fe"}, {"url": "https://git.kernel.org/stable/c/743cebcbd1b2609ec5057ab474979cef73d1b681"}, {"url": "https://git.kernel.org/stable/c/be0b613198e6bfa104ad520397cab82ad3ec1771"}, {"url": "https://git.kernel.org/stable/c/1417927df8049a0194933861e9b098669a95c762"}], "title": "spi: fsl-cpm: Check length parity before switching to 16 bit mode", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-cpm: Check length parity before switching to 16 bit mode\n\nCommit fc96ec826bce (\"spi: fsl-cpm: Use 16 bit mode for large transfers\nwith even size\") failed to make sure that the size is really even\nbefore switching to 16 bit mode. Until recently the problem went\nunnoticed because kernfs uses a pre-allocated bounce buffer of size\nPAGE_SIZE for reading EEPROM.\n\nBut commit 8ad6249c51d0 (\"eeprom: at25: convert to spi-mem API\")\nintroduced an additional dynamically allocated bounce buffer whose size\nis exactly the size of the transfer, leading to a buffer overrun in\nthe fsl-cpm driver when that size is odd.\n\nAdd the missing length parity verification and remain in 8 bit mode\nwhen the length is not even."}], "id": "CVE-2025-68773", "lastModified": "2026-01-13T16:15:56.840", "metrics": {}, "published": "2026-01-13T16:15:56.840", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1417927df8049a0194933861e9b098669a95c762"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3dd6d01384823e1bd8602873153d6fc4337ac4fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/743cebcbd1b2609ec5057ab474979cef73d1b681"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/837a23a11e0f734f096c7c7b0778d0e625e3dc87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/be0b613198e6bfa104ad520397cab82ad3ec1771"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}