Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved:spi: fsl-cpm: Check length parity before switching to 16 bit mode
Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers
with even size") failed to make sure that the size is really even
before switching to 16 bit mode. Until recently the problem went
unnoticed because kernfs uses a pre-allocated bounce buffer of size
PAGE_SIZE for reading EEPROM.
But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API")
introduced an additional dynamically allocated bounce buffer whose size
is exactly the size of the transfer, leading to a buffer overrun in
the fsl-cpm driver when that size is odd.
Add the missing length parity verification and remain in 8 bit mode
when the length is not even.
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1256586 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Jan 13 22:39:31 2026CVE page last modified: Tue Jan 13 22:39:31 2026