Linux Kernel Samsung Clock Driver Out-of-Bounds Read Vulnerability

Vulnerability

A vulnerability in the Samsung clock driver of the Linux kernel has been identified, where an out-of-bounds read occurs in the 'samsung_clk_init' function. This issue arises because the function dereferences 'ctx->clk_data.hws' before properly initializing 'ctx->clk_data.num' with the number of clocks. The vulnerability can lead to a panic, as detected by the Undefined Behavior Sanitizer (UBSAN), indicating an array index out-of-bounds error.

Impact

Exploitation of this vulnerability causes a kernel panic due to an out-of-bounds array access, which can lead to a denial of service by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Samsung Clock Driver Out-of-Bounds Read Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating