-
CVE-2025-38300
- EPSS 0.03%
- Published 10.07.2025 07:42:12
- Last modified 10.07.2025 13:17:30
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():
1] If dma_map_sg() fails for areq->dst, the device driver would try to free
DMA memory it has not allocated in the first place. To fix this, on the
"theend_sgs" error path, call dma unmap only if the corresponding dma
map was successful.
2] If the dma_map_single() call for the IV fails, the device driver would
try to free an invalid DMA memory address on the "theend_iv" path:
------------[ cut here ]------------
DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address
WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90
Modules linked in: skcipher_example(O+)
CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT
Tainted: [O]=OOT_MODULE
Hardware name: OrangePi Zero2 (DT)
pc : check_unmap+0x123c/0x1b90
lr : check_unmap+0x123c/0x1b90
...
Call trace:
check_unmap+0x123c/0x1b90 (P)
debug_dma_unmap_page+0xac/0xc0
dma_unmap_page_attrs+0x1f4/0x5fc
sun8i_ce_cipher_do_one+0x1bd4/0x1f40
crypto_pump_work+0x334/0x6e0
kthread_worker_fn+0x21c/0x438
kthread+0x374/0x664
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
To fix this, check for !dma_mapping_error() before calling
dma_unmap_single() on the "theend_iv" path.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
a0ac3f85b2e3ef529e852f252a70311f9029d5e6
Version
06f751b613296cc34b86fc83fccaf30d646eb8bc
Status
affected
Version <
c62b79c1c51303dbcb6edfa4de0ee176f4934c52
Version
06f751b613296cc34b86fc83fccaf30d646eb8bc
Status
affected
Version <
19d267d9fad00d94ad8477899e38ed7c11f33fb6
Version
06f751b613296cc34b86fc83fccaf30d646eb8bc
Status
affected
Version <
4051250e5db489f8ad65fc337e2677b9b568ac72
Version
06f751b613296cc34b86fc83fccaf30d646eb8bc
Status
affected
Version <
f31adc3e356f7350d4a4d68c98d3f60f2f6e26b3
Version
06f751b613296cc34b86fc83fccaf30d646eb8bc
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
5.5
Status
affected
Version <
5.5
Version
0
Status
unaffected
Version <=
6.1.*
Version
6.1.142
Status
unaffected
Version <=
6.6.*
Version
6.6.94
Status
unaffected
Version <=
6.12.*
Version
6.12.34
Status
unaffected
Version <=
6.15.*
Version
6.15.3
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.06 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|