CVE-2025-68777— Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
Possible ATT&CK Techniques 1AI
T1068 · Exploitation for Privilege EscalationAffected Version Matrix 16
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439< a7ff2360431561b56f559d3a628d1f096048d178 | affected |
bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439< 136abe173a3cc2951d70c6e51fe7abdbadbb204b | affected | ||
bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439< 08c0b561823a7026364efb38ed7f4a3af48ccfcd | affected | ||
bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439< bf95ec55805828c4f2b5241fb6b0c12388548570 | affected | ||
bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439< 84e4d3543168912549271b34261f5e0f94952d6e | affected | ||
bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439< 40e3042de43ffa0017a8460ff9b4cad7b8c7cb96 | affected | ||
bb76dc09ddfc135c6c5e8eb7d3c583bfa8bdd439< 248d3a73a0167dce15ba100477c3e778c4787178 | affected | ||
3.11 | affected | ||
| … +8 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-68777
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Input: ti_am335x_tsc - fix off-by-one error in wire_order validation The current validation 'wire_order[i] > ARRAY_SIZE(config_pins)' allows wire_order[i] to equal ARRAY_SIZE(config_pins), which causes out-of-bounds access when used as index in 'config_pins[wire_order[i]]'. Since config_pins has 4 elements (indices 0-3), the valid range for wire_order should be 0-3. Fix the off-by-one error by using >= instead of > in the validation check.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ti_am335x_tsc驱动中wire_order验证存在差一错误,可能导致越界访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-68777
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-68777
请登录查看更多情报信息。
Same Patch Batch · Linux · 2026-01-13 · 93 CVEs total
| CVE-2025-71089 | 7.8 HIGH | iommu: disable SVA when CONFIG_X86 is set |
| CVE-2025-71069 | f2fs: invalidate dentry cache on failed whiteout creation | |
| CVE-2025-71068 | svcrdma: bound check rq_pages index in inline path | |
| CVE-2025-71065 | f2fs: fix to avoid potential deadlock | |
| CVE-2025-68821 | fuse: fix readahead reclaim deadlock | |
| CVE-2025-68820 | ext4: xattr: fix null pointer deref in ext4_raw_inode() | |
| CVE-2025-68819 | media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() | |
| CVE-2025-68818 | scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" | |
| CVE-2025-68817 | ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency | |
| CVE-2025-68823 | ublk: fix deadlock when reading partition table | |
| CVE-2025-71067 | ntfs: set dummy blocksize to read boot_block when mounting | |
| CVE-2025-71071 | iommu/mediatek: fix use-after-free on probe deferral | |
| CVE-2025-71070 | ublk: clean up user copy references on ublk server exit | |
| CVE-2025-71072 | shmem: fix recovery on rename failures | |
| CVE-2025-71073 | Input: lkkbd - disable pending work before freeing device | |
| CVE-2025-71074 | functionfs: fix the open/removal races | |
| CVE-2025-71075 | scsi: aic94xx: fix use-after-free in device removal path | |
| CVE-2025-71077 | tpm: Cap the number of PCR banks | |
| CVE-2025-71076 | drm/xe/oa: Limit num_syncs to prevent oversized allocations | |
| CVE-2025-71078 | powerpc/64s/slb: Fix SLB multihit issue during SLB preload |
Showing top 20 of 93 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46243
smb: client: reject userspace cifs.spnego descriptions - CVE-2026-46242
eventpoll: fix ep_remove struct eventpoll / struct file UAF - CVE-2026-46241
spi: mpc52xx: fix use-after-free on registration failure - CVE-2026-46239
media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl - CVE-2026-46240
media: iris: Fix use-after-free in iris_release_internal_buf
Same vendor: Linux
- CVE-2026-46243
smb: client: reject userspace cifs.spnego descriptions - CVE-2026-46242
eventpoll: fix ep_remove struct eventpoll / struct file UAF - CVE-2026-46241
spi: mpc52xx: fix use-after-free on registration failure - CVE-2026-46239
media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl - CVE-2026-46240
media: iris: Fix use-after-free in iris_release_internal_buf
V. Comments for CVE-2025-68777
No comments yet