Acknowledged
Created: Jul 28, 2025
Updated: Jul 29, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods[EOL][EOL]drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But[EOL]the memory is allocated for only one pointer. This will lead to[EOL]out-of-bounds access later in the code if 'config::ngpios' is > 1. So[EOL]fix the code to allocate enough memory to hold 'config::ngpios' of GPIO[EOL]descriptors.[EOL][EOL]While at it, also move the check for memory allocation failure to be below[EOL]the allocation to make it more readable.
CREATE(Triage):(User=admin) [CVE-2025-38395 (https://nvd.nist.gov/vuln/detail/CVE-2025-38395)
