PT-2025-20361 · Linux · Linux Kernel

Published 2025-05-08 · Updated 2025-05-08 · CVE-2025-37832

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel's cpufreq driver for sun50i has been resolved. The issue was an out-of-bounds access when handling the nvmem cell, reported by a KASAN-enabled kernel. It occurred because the Device Tree (DT) specified that the nvmem cell covered only two bytes, but a u32 pointer was used to read the value. The fix uses the length of the nvmem cell returned by the nvmem_cell_read() function, so that only the valid portion of the data is accessed. The data is copied with memcpy() into a zeroed u32 buffer and is always read in little endian format.

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix for the out-of-bounds access in the sun50i cpufreq driver. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
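The read pattern from the description, modelled in userspace C as an added example (not the kernel patch or the driver's own code). The function name cell_to_u32(), the sample bytes and the rejection of lengths above four bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: convert a cell of `len` bytes into a u32.
 * Returns 0 on success, -1 if the arguments are invalid or the cell
 * does not fit in four bytes (added guard, an assumption of this example).
 */
int cell_to_u32(const uint8_t *cell, size_t len, uint32_t *out)
{
    uint8_t buf[sizeof(uint32_t)] = {0};    /* zeroed 4-byte buffer */

    if (cell == NULL || out == NULL || len == 0 || len > sizeof(buf))
        return -1;

    /* Copy only the bytes the cell really has; the rest stay zero. */
    memcpy(buf, cell, len);

    /* Decode as little endian regardless of the host byte order. */
    *out = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
           ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    return 0;
}

int main(void)
{
    /* Constructed sample: a two-byte cell, the size the DT declares. */
    const uint8_t cell[2] = {0x34, 0x12};
    uint32_t value = 0;

    /*
     * The flawed pattern is *(const uint32_t *)cell: it loads four bytes
     * from a two-byte buffer, which is the access KASAN flagged.
     */
    if (cell_to_u32(cell, sizeof(cell), &value) == 0)
        printf("value = 0x%08x\n", (unsigned)value);
    return 0;
}
```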

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2026-02530
CVE-2025-37832

Affected Products

Linux Kernel