CVE-2025-38054
Published Jun 18, 2025
Last updated a month ago
- Description
- In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freq_in[] and signal_out[] arrays, causing NULL pointer dereferences and triggering a kernel Oops (page_fault_oops). This patch adds u8 fields (nr_freq_in, nr_signal_out) to track the number of initialized elements, with a maximum of 4 per array. The summary output functions are updated to respect these limits, preventing out-of-bounds access and ensuring safe array handling. Widen the label variables because the change confuses GCC about max length of the strings.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Awaiting Analysis
- Hype score
- Not currently trending