CVE-2025-39935
In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() The sma1307->set.header_size is how many integers are in the header (there are 8 of them) but instead of allocating space of 8 integers we allocate 8 bytes. This leads to memory corruption when we copy data it on the next line: memcpy(sma1307->set.header, data, sma1307->set.header_size * sizeof(int)); Also since we're immediately copying over the memory in ->set.header, there is no need to zero it in the allocator. Use devm_kmalloc_array() to allocate the memory instead.
EPSS 0.02% · 7.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 576c57e6b4c1d734bcb7cc33dde9a99a9383b520, 576c57e6b4c1d734bcb7cc33dde9a99a9383b520, 0 |
| linux | linux_kernel | 6.17, 6.13, 6.13 |
Exploit Intelligence
Timeline
- Jan 21, 1970 Security Advisory
- Oct 4, 2025 EPSS Score
- Oct 4, 2025 CVE Published
- Oct 6, 2025 Coalition ESS Score
- Oct 8, 2025 Coalition ESS Score
- Oct 10, 2025 EPSS Score
- Oct 10, 2025 Coalition ESS Score
- Oct 17, 2025 EPSS Score
- Oct 23, 2025 EPSS Score
- Oct 30, 2025 EPSS Score
- Nov 5, 2025 EPSS Score
- Nov 6, 2025 Coalition ESS Score