Bug 2429575 (CVE-2025-71143) - CVE-2025-71143 kernel: clk: samsung: exynos-clkout: Assign .num before accessing .hws
Summary: CVE-2025-71143 kernel: clk: samsung: exynos-clkout: Assign .num before access...
Keywords:
Status: NEW
Alias: CVE-2025-71143
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-01-14 16:01 UTC by OSIDB Bzimport
Modified: 2026-01-15 10:18 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-01-14 16:01:29 UTC 
In the Linux kernel, the following vulnerability has been resolved:

clk: samsung: exynos-clkout: Assign .num before accessing .hws

Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)
about the number of elements in .hws[], so that it can warn when .hws[]
is accessed out of bounds. As noted in that change, the __counted_by
member must be initialized with the number of elements before the first
array access happens, otherwise there will be a warning from each access
prior to the initialization because the number of elements is zero. This
occurs in exynos_clkout_probe() due to .num being assigned after .hws[]
has been accessed:

  UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18
  index 0 is out of range for type 'clk_hw *[*]'

Move the .num initialization to before the first access of .hws[],
clearing up the warning.
Comment 1 Jon Moroney 2026-01-14 21:09:53 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026011456-CVE-2025-71143-5787@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.