CVE-2025-68773

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: fsl-cpm: Check length parity before switching to 16 bit mode<br /> <br /> Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers<br /> with even size") failed to make sure that the size is really even<br /> before switching to 16 bit mode. Until recently the problem went<br /> unnoticed because kernfs uses a pre-allocated bounce buffer of size<br /> PAGE_SIZE for reading EEPROM.<br /> <br /> But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API")<br /> introduced an additional dynamically allocated bounce buffer whose size<br /> is exactly the size of the transfer, leading to a buffer overrun in<br /> the fsl-cpm driver when that size is odd.<br /> <br /> Add the missing length parity verification and remain in 8 bit mode<br /> when the length is not even.