How the CVE Works
The vulnerability occurs in the Linux kernel's SPI driver (`spi-amd`). The function `amd_set_spi_freq()` fails to properly handle low-speed SPI clock requests (`speed_hz < AMD_SPI_MIN_HZ`), leading to an out-of-bounds array access. When an invalid `speed_hz` is provided, the loop iterates beyond the `amd_spi_freq` array bounds, causing undefined behavior. This could lead to memory corruption or kernel crashes. The fix ensures the loop terminates at the last valid entry, clamping the speed to `AMD_SPI_MIN_HZ`.
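The lookup described above, modelled in user space as an added example (not the kernel's code and not from the original post). The table values, `MODEL_MIN_HZ` and all function names are assumptions made for illustration; the unbounded variant only computes the index and never dereferences it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define MODEL_MIN_HZ 800000u /* assumed stand-in for AMD_SPI_MIN_HZ */

/* Constructed table, fastest first, slowest (minimum) entry last. */
static const uint32_t model_freq[] = {
    100000000u, 66660000u, 33330000u, 16660000u, MODEL_MIN_HZ,
};

/* Unbounded pattern: when no entry matches, i ends at ARRAY_SIZE, one
 * past the last element. Only the index is returned; nothing is read. */
size_t pick_index_unpatched(uint32_t speed_hz)
{
    size_t i;
    for (i = 0; i < ARRAY_SIZE(model_freq); i++)
        if (speed_hz >= model_freq[i])
            break;
    return i;
}

/* Fixed pattern: the loop stops at the last entry, so a request below
 * the minimum selects that entry (clamped up to MODEL_MIN_HZ). */
size_t pick_index_patched(uint32_t speed_hz)
{
    size_t i;
    for (i = 0; i < ARRAY_SIZE(model_freq) - 1; i++)
        if (speed_hz >= model_freq[i])
            break;
    return i;
}

int index_in_bounds(size_t i) { return i < ARRAY_SIZE(model_freq); }

/* Frequency actually selected under the fixed lookup. */
uint32_t effective_hz(uint32_t speed_hz)
{
    return model_freq[pick_index_patched(speed_hz)];
}

int main(void)
{
    uint32_t req = 1000; /* constructed request below the minimum */
    size_t bad = pick_index_unpatched(req);
    printf("unpatched: index %zu, in bounds: %d\n", bad, index_in_bounds(bad));
    printf("patched: %u Hz\n", (unsigned)effective_hz(req));
    return 0;
}
```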
DailyCVE Form
Platform: Linux Kernel
Version: Pre-patch versions
Vulnerability: Out-of-bounds stack access
Severity: Medium
Date: 04/29/2025
What Undercode Say:
Exploitation Analysis
- Triggered by malformed SPI speed requests.
- Attackers could crash systems via invalid clock speeds.
- Kernel memory corruption possible in rare cases.
Exploit Commands
```bash
# Crash vulnerable SPI controller (PoC)
echo 1 > /sys/class/spi_master/spi0/set_speed_hz
```
Protection Commands
```bash
# Apply kernel patch
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
git cherry-pick <fix-commit>
```
Detection Script
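```c
#include <linux/spi/spi.h>

/* Reports the driver as vulnerable unless a zero-speed request is rejected with -EINVAL. */
void check_amd_spi_vuln(void)
{
	if (amd_set_spi_freq(0) != -EINVAL)
		printk("Vulnerable to CVE-2025-40014\n");
}
```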
Mitigation Code
```c
// Patch: Clamp speed_hz to AMD_SPI_MIN_HZ
if (speed_hz < AMD_SPI_MIN_HZ)
	speed_hz = AMD_SPI_MIN_HZ;
```
Kernel Log Check
```bash
dmesg | grep "SPI frequency out of range"
```
Impact Metrics
- CVSS 4.0: 5.6 (Medium)
- Attack Vector: Local
- Privilege Required: Low
- User Interaction: None
Affected Configs
- Linux kernels with `CONFIG_SPI_AMD=y`
- Embedded devices using AMD SPI controllers
Patch Verification
```bash
modinfo spi_amd | grep version
```
References
- Kernel Git Commit: `
`
- NVD: CVE-2025-40014
Sources:
Reported By: nvd.nist.gov