{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38573","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.025Z","datePublished":"2025-08-19T17:02:53.008Z","dateUpdated":"2026-05-11T21:30:42.467Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:30:42.467Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cs42l43: Property entry should be a null-terminated array\n\nThe software node does not specify a count of property entries, so the\narray must be null-terminated.\n\nWhen unterminated, this can lead to a fault in the downstream cs35l56\namplifier driver, because the node parse walks off the end of the\narray into unknown memory."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-cs42l43.c"],"versions":[{"version":"0ca645ab5b1528666f6662a0e620140355b5aea3","lessThan":"674328102baad76c7a06628efc01974ece5ae27f","status":"affected","versionType":"git"},{"version":"0ca645ab5b1528666f6662a0e620140355b5aea3","lessThan":"9f0035ae38d2571f5ddedc829d74492013caa625","status":"affected","versionType":"git"},{"version":"0ca645ab5b1528666f6662a0e620140355b5aea3","lessThan":"139b5df757a0aa436f763b0038e0b73808d2f4b6","status":"affected","versionType":"git"},{"version":"0ca645ab5b1528666f6662a0e620140355b5aea3","lessThan":"ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-cs42l43.c"],"versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","status":"unaffected","versionType":"semver"},{"version":"6.12.42","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.10","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.1","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.15.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.16.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/674328102baad76c7a06628efc01974ece5ae27f"},{"url":"https://git.kernel.org/stable/c/9f0035ae38d2571f5ddedc829d74492013caa625"},{"url":"https://git.kernel.org/stable/c/139b5df757a0aa436f763b0038e0b73808d2f4b6"},{"url":"https://git.kernel.org/stable/c/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667"}],"title":"spi: cs42l43: Property entry should be a null-terminated array","x_generator":{"engine":"bippy-1.2.0"}}}}