Linux Kernel BCM Raspberry Pi Out-of-Bounds Access Vulnerability in Clock Management

Vulnerability

A vulnerability in the Linux kernel's clock management for BCM Raspberry Pi has been addressed. The issue stemmed from the 'raspberrypi_discover_clocks()' function, which incorrectly assumed that the identifier for the last clock element was zero. This assumption was flawed, as the data is sourced from the Videocore firmware, which does not guarantee such behavior. The vulnerability could have led to out-of-bounds access. The issue has been resolved by introducing a sentinel element to ensure proper data handling.
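The following user-space model is an added example, not the kernel's code: it shows why a walk that stops only on a zero identifier overruns a table the firmware has filled completely, and how one extra zeroed slot bounds it. The names `clk_entry`, `firmware_fill`, `walk_clocks`, `discover` and `NUM_CLK_ID` are hypothetical, and the sentinel is assumed to be an extra zero-initialised slot that the firmware is never asked to write.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NUM_CLK_ID 4 /* assumed table size for this model */
struct clk_entry { uint32_t parent, id; }; /* hypothetical entry layout */

/* Stand-in for the firmware reply (constructed data): writes n entries with
 * non-zero ids and gives no guarantee of a zero terminator. */
static void firmware_fill(struct clk_entry *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        buf[i] = (struct clk_entry){ .parent = 0, .id = (uint32_t)(i + 1) };
}

/* Walk until id == 0. The bound exists only so the model can report the
 * overrun: -1 means no terminator inside the allocation, which is where a
 * loop that stops only on id == 0 would read past the buffer. */
static int walk_clocks(const struct clk_entry *clks, size_t slots)
{
    for (size_t i = 0; i < slots; i++)
        if (clks[i].id == 0)
            return (int)i;
    return -1;
}

/* extra = 0 models the flawed allocation, extra = 1 the sentinel fix. */
int discover(size_t fw_entries, size_t extra)
{
    size_t slots = NUM_CLK_ID + extra;
    struct clk_entry *clks = calloc(slots, sizeof(*clks));
    int found;
    if (!clks)
        return -2;
    if (fw_entries > NUM_CLK_ID) /* firmware is offered NUM_CLK_ID slots only */
        fw_entries = NUM_CLK_ID;
    firmware_fill(clks, fw_entries);
    found = walk_clocks(clks, slots);
    free(clks);
    return found;
}

int main(void)
{
    printf("full table, no sentinel: %d\n", discover(NUM_CLK_ID, 0));
    printf("full table, sentinel:    %d\n", discover(NUM_CLK_ID, 1));
    return 0;
}
```

A partially filled table terminates even without the sentinel because the unused tail is zeroed, which is why a loop of this kind can pass testing until the firmware returns a full table.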

Impact

Exploitation of this vulnerability could have resulted in out-of-bounds memory access, potentially leading to memory corruption or other unintended behavior.

Added: Jun 18, 2025, 10:09 PM
Updated: Jun 18, 2025, 10:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.