{"id":"CVE-2025-68352","summary":"spi: ch341: fix out-of-bounds memory access in ch341_transfer_one","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: ch341: fix out-of-bounds memory access in ch341_transfer_one\n\nDiscovered by Atuin - Automated Vulnerability Discovery Engine.\n\nThe 'len' variable is calculated as 'min(32, trans-\u003elen + 1)',\nwhich includes the 1-byte command header.\n\nWhen copying data from 'trans-\u003etx_buf' to 'ch341-\u003etx_buf + 1', using 'len'\nas the length is incorrect because:\n\n1. It causes an out-of-bounds read from 'trans-\u003etx_buf' (which has size\n   'trans-\u003elen', i.e., 'len - 1' in this context).\n2. It can cause an out-of-bounds write to 'ch341-\u003etx_buf' if 'len' is\n   CH341_PACKET_LENGTH (32). Writing 32 bytes to ch341-\u003etx_buf + 1\n   overflows the buffer.\n\nFix this by copying 'len - 1' bytes.","modified":"2026-05-18T05:58:21.055519777Z","published":"2025-12-24T10:32:43.366Z","related":["SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","openSUSE-SU-2026:10039-1","openSUSE-SU-2026:10301-1","openSUSE-SU-2026:20145-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68352.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/545d1287e40a55242f6ab68bcc1ba3b74088b1bc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/81841da1f30f66a850cc8796d99ba330aad9d696"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cad6c0fd6f3c0e76a1f75df4bce3b08a13f08974"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ea1e43966cd03098fcd5f0d72e6c2901d45fa08d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68352.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68352"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8846739f52afa07e63395c80227dc544f54bd7b1"},{"fixed":"cad6c0fd6f3c0e76a1f75df4bce3b08a13f08974"},{"fixed":"ea1e43966cd03098fcd5f0d72e6c2901d45fa08d"},{"fixed":"81841da1f30f66a850cc8796d99ba330aad9d696"},{"fixed":"545d1287e40a55242f6ab68bcc1ba3b74088b1bc"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68352.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.11.0"},{"fixed":"6.12.63"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.13"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68352.json"}}],"schema_version":"1.7.5"}