U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-68773 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM. But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced an additional dynamically allocated bounce buffer whose size is exactly the size of the transfer, leading to a buffer overrun in the fsl-cpm driver when that size is odd. Add the missing length parity verification and remain in 8 bit mode when the length is not even.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/1417927df8049a0194933861e9b098669a95c762 kernel.org
https://git.kernel.org/stable/c/3dd6d01384823e1bd8602873153d6fc4337ac4fe kernel.org
https://git.kernel.org/stable/c/743cebcbd1b2609ec5057ab474979cef73d1b681 kernel.org
https://git.kernel.org/stable/c/837a23a11e0f734f096c7c7b0778d0e625e3dc87 kernel.org
https://git.kernel.org/stable/c/9c34a4a2ead00979d203a8c16bea87f0ef5291d8 kernel.org
https://git.kernel.org/stable/c/be0b613198e6bfa104ad520397cab82ad3ec1771 kernel.org
https://git.kernel.org/stable/c/c8f1d35076b78df61ace737e41cc1f4b7b63236c kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-68773
NVD Published Date:
01/13/2026
NVD Last Modified:
04/14/2026
Source:
kernel.org