CVE-2025-38286
Atmel at91 pinctrl Out-of-Boundary Array Indexing Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: at91: Fix possible out-of-boundary access

at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with that value as an index.

Note, that BUG() can be compiled out and hence won't actually perform the required checks.
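The pattern the description refers to, as an added userspace model (not the kernel driver code or the upstream patch): `alias_get_id()`, the probe helpers, the table size and the sample alias values are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_GPIO_BANKS 5                 /* assumed table size for this model */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/* Model of a kernel built with BUG() compiled out: the assertion is a no-op. */
#define BUG_ON(cond) do { } while (0)

struct chip { int id; };
static struct chip *gpio_chips[MAX_GPIO_BANKS];

/* Hypothetical stand-in for an OF alias lookup: negative errno when the
 * node has no alias, otherwise the alias id taken from the device tree. */
static int alias_get_id(int dt_alias) { return dt_alias < 0 ? -ENODEV : dt_alias; }

/* Unchecked pattern from the description: reports whether the array store
 * would land outside gpio_chips[] instead of actually performing it. */
static int probe_unchecked_is_oob(int dt_alias)
{
    int idx = alias_get_id(dt_alias);
    BUG_ON(idx >= (int)ARRAY_SIZE(gpio_chips));   /* checks nothing here */
    return idx < 0 || (size_t)idx >= ARRAY_SIZE(gpio_chips);
}

/* Checked pattern: fail the probe with an error before touching the array. */
static int probe_checked(int dt_alias, struct chip *c)
{
    int idx = alias_get_id(dt_alias);
    if (idx < 0)
        return idx;                      /* alias missing or lookup failed */
    if ((size_t)idx >= ARRAY_SIZE(gpio_chips))
        return -EINVAL;                  /* alias id larger than the table */
    gpio_chips[idx] = c;
    return 0;
}

int main(void)
{
    static struct chip c = { 1 };
    int aliases[] = { 2, -1, 7 };        /* constructed: valid, missing, too large */
    for (size_t i = 0; i < ARRAY_SIZE(aliases); i++)
        printf("alias %d: unchecked oob=%d, checked rc=%d\n", aliases[i],
               probe_unchecked_is_oob(aliases[i]), probe_checked(aliases[i], &c));
    return 0;
}
```

The checked variant returns an error for both the missing alias and the oversized alias, so the result does not depend on whether `BUG_ON()` is compiled in.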
INFO
Published Date: July 10, 2025, 8:15 a.m.
Last Modified: July 10, 2025, 1:17 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score:
Exploitability Score:
The following table lists the changes that have been made to the CVE-2025-38286 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, Jul. 10, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with that value as an index. Note, that BUG() can be compiled out and hence won't actually perform the required checks. |
| Added | Reference | | https://git.kernel.org/stable/c/264a5cf0c422e65c94447a1ebebfac7c92690670 |
| Added | Reference | | https://git.kernel.org/stable/c/288c39286f759314ee8fb3a80a858179b4f306da |
| Added | Reference | | https://git.kernel.org/stable/c/2ecafe59668d2506a68459a9d169ebe41a147a41 |
| Added | Reference | | https://git.kernel.org/stable/c/762ef7d1e6eefad9896560bfcb9bcf7f1b6df9c1 |
| Added | Reference | | https://git.kernel.org/stable/c/db5665cbfd766db7d8cd0e5fd6e3c0b412916774 |
| Added | Reference | | https://git.kernel.org/stable/c/e02e12d6a7ab76c83849a4122785650dc7edef65 |
| Added | Reference | | https://git.kernel.org/stable/c/eb435bc4c74acbb286cec773deac13d117d3ef39 |
| Added | Reference | | https://git.kernel.org/stable/c/f1c1fdc41fbf7e308ced9c86f3f66345a3f6f478 |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-38286 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-38286 weaknesses.