CVE-2025-40014 in Linuxinfo

Summary

by MITRE • 04/18/2025

In the Linux kernel, the following vulnerability has been resolved:

objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()

If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds.

Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ.

Fixes the following warning with an UBSAN kernel:

drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 02/16/2026

The vulnerability CVE-2025-40014 represents a critical out-of-bounds stack access flaw in the Linux kernel's AMD SPI driver implementation. This issue specifically affects the amd_set_spi_freq() function within the spi-amd driver module, where improper boundary checking leads to memory corruption vulnerabilities. The flaw occurs when the function processes SPI frequency values that fall below the minimum threshold defined by AMD_SPI_MIN_HZ, creating a condition where loop iteration continues beyond the allocated array bounds. This type of vulnerability falls under the CWE-129 weakness category, which encompasses issues related to insufficient bounds checking of array data access.

The technical execution of this vulnerability involves the amd_spi_freq array traversal logic where the function fails to implement proper early termination conditions when encountering values below the minimum acceptable frequency threshold. When speed_hz parameter values are less than AMD_SPI_MIN_HZ, the iterative process continues through the entire array structure without proper bounds enforcement, causing the loop variable 'i' to exceed the array's legitimate boundaries. This behavior creates a classic buffer overflow scenario that can result in unpredictable memory access patterns and potential code execution hijacking. The vulnerability is particularly concerning as it operates within the kernel's object tooling framework, which is responsible for validating function boundaries and memory access patterns during compilation and runtime operations.

The operational impact of this vulnerability extends beyond simple memory corruption to potentially enable privilege escalation and system stability compromise. When the UBSAN kernel detects this condition, it generates specific error messages indicating that the amd_set_spi_freq() function falls through to the subsequent amd_spi_set_opcode() function, suggesting a complete breakdown in execution flow control. This type of flaw can be exploited by malicious actors to manipulate kernel memory structures, potentially leading to full system compromise. The vulnerability's classification aligns with ATT&CK technique T1068, which covers local privilege escalation through kernel exploits, and T1547.001, covering registry run keys and startup folder modifications that could occur as part of exploitation activities.

Mitigation strategies for CVE-2025-40014 should focus on immediate kernel updates that implement the fix for early loop termination in the amd_set_spi_freq() function. The resolution involves modifying the loop logic to break out when reaching the last entry in the amd_spi_freq array, effectively clamping low speed_hz values to the minimum acceptable threshold. System administrators should prioritize patch deployment across all affected systems, particularly those utilizing AMD-based SPI controllers. Additionally, implementing runtime monitoring for abnormal SPI frequency operations and memory access patterns can provide early detection of exploitation attempts. The fix demonstrates proper defensive programming practices that align with secure coding standards, ensuring that all array access operations include proper boundary validation before loop execution begins.

Responsible

Linux

Reservation

04/16/2025

Disclosure

04/18/2025

Moderation

accepted

CPE

ready

EPSS

0.00204

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!