U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-39728 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP <snip> Call trace: samsung_clk_init+0x110/0x124 (P) samsung_clk_init+0x48/0x124 (L) samsung_cmu_register_one+0x3c/0xa0 exynos_arm64_register_cmu+0x54/0x64 __gs101_cmu_top_of_clk_init_declare+0x28/0x60 ...


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/00307934eb94aaa0a99addfb37b9fe206f945004 kernel.org Patch 
https://git.kernel.org/stable/c/0fef48f4a70e45a93e73c39023c3a6ea624714d6 kernel.org Patch 
https://git.kernel.org/stable/c/157de9e48007a20c65d02fc0229a16f38134a72d kernel.org Patch 
https://git.kernel.org/stable/c/24307866e0ac0a5ddb462e766ceda5e27a6fbbe3 kernel.org Patch 
https://git.kernel.org/stable/c/4d29a6dcb51e346595a15b49693eeb728925ca43 kernel.org Patch 
https://git.kernel.org/stable/c/a1500b98cd81a32fdfb9bc63c33bb9f0c2a0a1bf kernel.org Patch 
https://git.kernel.org/stable/c/d19d7345a7bcdb083b65568a11b11adffe0687af kernel.org Patch 
https://git.kernel.org/stable/c/d974e177369c034984cece9d7d4fada9f8b9c740 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html CVE
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html CVE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-129 Improper Validation of Array Index cwe source acceptance level NIST   CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-39728
NVD Published Date:
04/18/2025
NVD Last Modified:
11/03/2025
Source:
kernel.org