Linux Kernel Visconti Clock Driver Array Overflow Vulnerability in Clock Gate Registration

Vulnerability

An array overflow vulnerability has been addressed in the Linux kernel's Visconti clock driver. The issue arose in the function 'visconti_clk_register_gates()', where a reset function's absence was indicated by -1. This value was incorrectly stored in an 8-bit unsigned integer, causing the condition check to always evaluate as true. As a result, the vulnerability led to an out-of-bounds access in the clock registration process.

Impact

Exploitation of this vulnerability could lead to memory corruption by allowing out-of-bounds access, potentially causing a crash or arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Visconti Clock Driver Array Overflow Vulnerability in Clock Gate Registration

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating