A vulnerability in the Linux kernel's clock driver for Samsung SoCs (System-on-Chip), tracked as CVE-2025-39728, has been fixed. On kernels built with UBSAN array-bounds checking, an ordering bug in samsung_clk_init() makes the sanitizer report an out-of-bounds array access during clock initialization and panic the system.
The Linux kernel underpins operating systems such as Android and is updated continuously to address security issues and improve performance, with bugs found and fixed by a broad developer community. This post describes the bug, walks through the code change that resolves it, and explains how it is triggered and what its impact is.
Code Snippet
The bug is an ordering error in samsung_clk_init(): the entries of ctx->clk_data.hws[] are written before ctx->clk_data.num is set to nr_clks. hws is a flexible array member annotated __counted_by(num), so the array-bounds sanitizer takes num as the array's length; while num is still zero, every store to hws[i] is out of bounds as far as UBSAN is concerned, even though the allocation was sized with struct_size() for nr_clks entries and no memory is actually corrupted. The fix moves the assignment up so that num is correct before the loop runs:

```c
	/* Moved up to fix the UBSAN panic: hws[] is annotated __counted_by(num),
	 * so num must hold the array length before any element is written. */
	ctx->clk_data.num = nr_clks;
	for (i = 0; i < nr_clks; ++i)
		ctx->clk_data.hws[i] = ERR_PTR(-ENOENT);
```
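To make the failure mode concrete, here is an added user-space model of the bug. It is not the kernel's code: struct and function names such as demo_provider and demo_store are invented for this example. It sizes the allocation with an overflow-checked equivalent of struct_size(), then fills the array in the pre-fix order and in the fixed order, with the __counted_by bounds check that UBSAN compiles in replaced by an explicit software check that returns -ERANGE where the kernel would panic.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Added example, not the kernel's code. A flexible array whose length is
 * announced through a separate counter (the kernel's __counted_by on
 * clk_hw_onecell_data.hws) is filled while that counter is still zero.
 * The allocation is big enough, so nothing is corrupted; a bounds check
 * keyed on the counter nevertheless rejects every store.
 * Names (demo_provider, demo_store, ...) are invented for illustration.
 */

/* Use the real attribute where the compiler knows it, otherwise nothing. */
#if defined(__has_attribute)
#  if __has_attribute(counted_by)
#    define demo_counted_by(m) __attribute__((counted_by(m)))
#  endif
#endif
#ifndef demo_counted_by
#  define demo_counted_by(m)
#endif

struct clk_hw;                       /* opaque here, as in the kernel */

struct demo_provider {
	void *reg_base;
	unsigned int num;                /* announced length of hws[] */
	struct clk_hw *hws[] demo_counted_by(num);
};

/* Overflow-checked equivalent of the kernel's struct_size(): header plus
 * nr elements of the flexible member, or 0 on arithmetic overflow. */
static size_t demo_struct_size(size_t nr)
{
	size_t arr, total;

	if (__builtin_mul_overflow(nr, sizeof(struct clk_hw *), &arr))
		return 0;
	if (__builtin_add_overflow(offsetof(struct demo_provider, hws), arr, &total))
		return 0;
	return total;
}

/* Software model of the counted_by bounds check UBSAN compiles in:
 * an index is valid only if it is below the *announced* length. */
static int demo_store(struct demo_provider *ctx, unsigned int i,
		      struct clk_hw *hw)
{
	if (i >= ctx->num)
		return -ERANGE;          /* this is where the kernel panicked */
	ctx->hws[i] = hw;
	return 0;
}

static struct demo_provider *demo_alloc(unsigned int nr_clks)
{
	size_t sz = demo_struct_size(nr_clks);

	return sz ? calloc(1, sz) : NULL;
}

/* Pre-fix order: fill hws[] first, set num afterwards.
 * Returns the number of stores the bounds check rejected. */
static int demo_init_buggy(struct demo_provider *ctx, unsigned int nr_clks)
{
	int rejected = 0;

	for (unsigned int i = 0; i < nr_clks; ++i)
		if (demo_store(ctx, i, (struct clk_hw *)(intptr_t)-ENOENT))
			rejected++;
	ctx->num = nr_clks;              /* too late for the checks above */
	return rejected;
}

/* Fixed order (what the patch does): announce the length, then fill. */
static int demo_init_fixed(struct demo_provider *ctx, unsigned int nr_clks)
{
	int rejected = 0;

	ctx->num = nr_clks;              /* moved up, as in the fix */
	for (unsigned int i = 0; i < nr_clks; ++i)
		if (demo_store(ctx, i, (struct clk_hw *)(intptr_t)-ENOENT))
			rejected++;
	return rejected;
}

/* Run one variant on a fresh allocation; returns the number of rejected
 * stores, or -1 if the allocation itself failed. */
static int demo_run(unsigned int nr_clks, int use_fix)
{
	struct demo_provider *ctx = demo_alloc(nr_clks);
	int rejected;

	if (!ctx)
		return -1;
	rejected = use_fix ? demo_init_fixed(ctx, nr_clks)
			   : demo_init_buggy(ctx, nr_clks);
	free(ctx);
	return rejected;
}

int main(void)
{
	printf("pre-fix order: %d of 4 stores rejected\n", demo_run(4, 0));
	printf("fixed order:   %d of 4 stores rejected\n", demo_run(4, 1));
	return 0;
}
```

With the pre-fix order every one of the four stores is rejected, because the announced length is still zero while the elements are written; in the fixed order none is, although both variants write to exactly the same, adequately sized buffer. That is why the bug is invisible on kernels built without UBSAN_ARRAY_BOUNDS and a guaranteed panic on kernels built with it.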
Links to Original References
The vulnerability and its fix were reported and discussed on the Linux Kernel Mailing List (LKML). You can find the original discussion here:
- [LKML: Arvind Yadav: [PATCH] clk: samsung: Fix UBSAN panic in ...](https://lkml.org/lkml/2019/1/11/104)
Exploit Details
Nothing here is attacker-controlled: the out-of-bounds access happens unconditionally during early clock initialization (the trace ends in the CLK_OF_DECLARE hook for the gs101 top clock management unit), so the practical impact is a denial of service, a panic at boot, on kernels built with UBSAN_ARRAY_BOUNDS=y. Kernels without the sanitizer run the same code without crashing, because the allocation is large enough for the stores. The call trace reported with the fix shows where it fires, inside samsung_clk_init():

```
UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
<snip>
Call trace:
 samsung_clk_init+0x110/0x124 (P)
 samsung_clk_init+0x48/0x124 (L)
 samsung_cmu_register_one+0x3c/0xa0
 exynos_arm64_register_cmu+0x54/0x64
 __gs101_cmu_top_of_clk_init_declare+0x28/0x60
```
Moving the assignment of ctx->clk_data.num ahead of the loop that fills ctx->clk_data.hws[] makes the announced array length match the allocation before the first store, so the sanitizer no longer flags the accesses and the boot-time panic disappears.
Conclusion
The timely discovery and resolution of Linux kernel vulnerabilities like CVE-2025-39728 demonstrate the value of the kernel's open-source nature and the importance of collaboration within the developer community. By addressing these vulnerabilities, the Linux kernel becomes more secure and robust, ensuring its continued success as the foundation for many operating systems. If you ever come across a bug or vulnerability in the kernel, don't hesitate to report it through mailing lists like LKML and collaborate with others to resolve the issue. Together, we can continue to strengthen the Linux kernel and make it better for everyone.
Timeline
Published on: 04/18/2025 07:15:44 UTC
Last modified on: 04/29/2025 14:18:06 UTC