
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-57983 is a vulnerability in the Linux kernel that was discovered and disclosed on February 26, 2025. It affects the mailbox functionality in the th1520 component and causes memory corruption through incorrect array sizing. It impacts Linux kernel versions from 6.13 up to but not including 6.13.2 (NVD).
The vulnerability stems from an implementation flaw in the th1520_mbox_suspend_noirq and th1520_mbox_resume_noirq functions, which are responsible for managing interrupt mask registers in the MBOX ICU0. The array used to store these registers was incorrectly sized, so accessing all four registers corrupted memory. The issue is classified as CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (HIGH) and the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
The vulnerability can result in memory corruption during suspend and resume operations, potentially leading to system instability or compromise. With a high CVSS score of 7.8, the vulnerability poses significant risks to system confidentiality, integrity, and availability (NVD).
A fix has been implemented that corrects the array size to properly accommodate all four interrupt mask registers, preventing memory corruption during suspend and resume operations. The fix is available in Linux kernel version 6.13.2 and later (Kernel Patch).
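The sizing mismatch described above can be modelled in user space. This is an added example, not the kernel driver's code: the struct, function names and sample values are hypothetical, and the save area is assumed to be one element short because the page does not state the original size.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_MASK_REGS 4      /* the advisory: four interrupt mask registers */
#define CANARY 0xC0FFEE00u   /* constructed value for the neighbouring field */

/* Constructed register contents used as sample input. */
static const uint32_t SAMPLE_REGS[NUM_MASK_REGS] = { 0x11, 0x22, 0x33, 0x44 };

/* Hypothetical context modelled as flat 32-bit slots:
 * [save area: mask_cap slots][neighbouring field]. One backing array keeps
 * the short-by-one case well-defined C instead of a real overflow. */
struct ctx_model {
    uint32_t slots[NUM_MASK_REGS + 1];
    size_t mask_cap;
};

void ctx_init(struct ctx_model *c, size_t mask_cap)
{
    memset(c->slots, 0, sizeof(c->slots));
    c->mask_cap = mask_cap;
    c->slots[mask_cap] = CANARY;  /* field directly after the save area */
}

/* Suspend-style save that trusts the register count, not the capacity. */
int save_unchecked(size_t mask_cap)
{
    struct ctx_model c;
    ctx_init(&c, mask_cap);
    for (size_t i = 0; i < NUM_MASK_REGS; i++)
        c.slots[i] = SAMPLE_REGS[i];
    return c.slots[mask_cap] == CANARY;  /* 1 = neighbour intact, 0 = clobbered */
}

/* Hardened save: refuses when the save area cannot hold every register. */
int save_checked(struct ctx_model *c)
{
    if (c->mask_cap < NUM_MASK_REGS)
        return -1;
    for (size_t i = 0; i < NUM_MASK_REGS; i++)
        c->slots[i] = SAMPLE_REGS[i];
    return 0;
}

int main(void)
{
    return (save_unchecked(3) == 0 && save_unchecked(4) == 1) ? 0 : 1;
}
```

In kernel code the same guarantee can be enforced at build time with a static_assert on the ARRAY_SIZE of the save array, so a mismatch between array length and register count fails compilation.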
Source: This report was generated using AI