CVE-2025-68281: Incorrect Calculation of Buffer Size in Linux

Severity: 7.2 HIGH (OSV), no vector
EPSS: 0.0% (top 87.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Dec 16
Latest update: Apr 6

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list

"struct sdca_control" declares the "values" field as an integer array, but the memory allocated to it is that of a char array. This causes a crash in the sdca_parse_function API. This patch addresses the issue by allocating the correct data size.

Affected Packages (6 packages)

Linux | linux/linux_kernel | 6.17.0 | 6.17.12
Debian | linux/linux_kernel | < 6.17.12-1
Ubuntu | linux/linux_kernel | < 6.17.0-19.19
CVEListV5 | linux/linux | 50a479527ef01f9b36dde1803a7e81741a222509 | fcd5786b506c51cbabc2560c68e040d8dba22a0d | +2

🔴 Vulnerability Details (9)

OSV: linux-oem-6.17 vulnerabilities (2026-04-06)
OSV: linux-raspi vulnerabilities (2026-04-01)
OSV: linux-azure, linux-azure-6.17 vulnerabilities (2026-03-25)
OSV: linux-realtime-6.17 vulnerabilities (2026-03-23)
OSV: linux-gcp-6.17, linux-realtime vulnerabilities (2026-03-17)

📋 Vendor Advisories (9)

Ubuntu: Linux kernel (OEM) vulnerabilities (2026-04-06)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)
Ubuntu: Linux kernel (Azure) vulnerabilities (2026-03-25)
Ubuntu: Linux kernel (Real-time) vulnerabilities (2026-03-23)
Ubuntu: Linux kernel vulnerabilities (2026-03-17)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-68281 Impact, Exploitability, and Mitigation Steps | Wiz