CVE-2025-38573

spi: cs42l43: Property entry should be a null-terminated array

Description

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory.

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f
https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625
https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6
https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667

Frequently Asked Questions

What is the severity of CVE-2025-38573?: CVE-2025-38573 has not yet been assigned a CVSS score.
How to fix CVE-2025-38573?: To fix CVE-2025-38573, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38573 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-38573 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38573?: CVE-2025-38573 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.