CVE-2025-22067

🗓️ 16 Apr 2025 14:12:20Reported by LinuxType

Fix for out-of-bounds access in cdns_mrvl_xspi_setup_clock ensures safe array iteration.

Reporter	Title	Published	Views	Family All 85
AstraLinux	Astra Linux - уязвимость в linux-6.12	16 Jun 202511:28	–	astralinux
CNNVD	Linux kernel 安全漏洞	16 Apr 202500:00	–	cnnvd
Cvelist	CVE-2025-22067 spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()	16 Apr 202514:12	–	cvelist
Debian CVE	CVE-2025-22067	16 Apr 202514:12	–	debiancve
Oracle linux	Unbreakable Enterprise kernel security update	17 Jul 202500:00	–	oraclelinux
EUVD	EUVD-2025-11233	3 Oct 202520:07	–	euvd
NVD	CVE-2025-22067	16 Apr 202515:16	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-7594-1)	25 Jun 202500:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-7594-2)	27 Jun 202500:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-7594-3)	10 Jul 202500:00	–	openvas

NVD

Vulners

CNA

Node

linux linux_kernelRange6.12–6.12.23

linux linux_kernelRange6.13–6.13.11

linux linux_kernelRange6.14–6.14.2

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/spi/spi-cadence-xspi.c"
    ],
    "versions": [
      {
        "version": "26d34fdc49712ddbd42b11102f5d9d78a0f42097",
        "lessThan": "e50781bf7accc75883cb8a6a9921fb4e2fa8cca4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "26d34fdc49712ddbd42b11102f5d9d78a0f42097",
        "lessThan": "c1fb84e274cb6a2bce6ba5e65116c06e0b3ab275",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "26d34fdc49712ddbd42b11102f5d9d78a0f42097",
        "lessThan": "645f1813fe0dc96381c36b834131e643b798fd73",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "26d34fdc49712ddbd42b11102f5d9d78a0f42097",
        "lessThan": "7ba0847fa1c22e7801cebfe5f7b75aee4fae317e",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/spi/spi-cadence-xspi.c"
    ],
    "versions": [
      {
        "version": "6.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.12",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.23",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.13.11",
        "lessThanOrEqual": "6.13.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.14.2",
        "lessThanOrEqual": "6.14.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/645f1813fe0dc96381c36b834131e643b798fd73
git	www.git.kernel.org/stable/c/7ba0847fa1c22e7801cebfe5f7b75aee4fae317e
git	www.git.kernel.org/stable/c/c1fb84e274cb6a2bce6ba5e65116c06e0b3ab275
git	www.git.kernel.org/stable/c/e50781bf7accc75883cb8a6a9921fb4e2fa8cca4

11 May 2026 21:12Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.8

EPSS0.00273

CWE-129