PT-2025-34423 · Mediatek+6 · Mediatek Mt8365-Dai-I2S+6

Published

2025-07-10

Updated

2026-04-03

CVE-2025-38662

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw was discovered in the Linux kernel related to the ASoC (Audio Subsystem over Component) framework, specifically within the mediatek mt8365-dai-i2s driver. The mt8365 dai set priv function incorrectly handles the size of data copied, leading to a potential out-of-bounds write condition detected by KASAN (Kernel Address Sanitizer). This occurs because the function allocates space based on the size of struct mt8365 afe private instead of struct mtk afe i2s priv when copying data into the priv data buffer.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

BDU:2025-15774

CVE-2025-38662

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

Mediatek Mt8365-Dai-I2S

PT-2025-34423 · Mediatek+6 · Mediatek Mt8365-Dai-I2S+6

CVE-2025-38662

Weakness Enumeration

Related Identifiers

Affected Products

References · 1488