7.8

CVE-2025-38401

mtk-sd: Prevent memory corruption from DMA map failure

In the Linux kernel, the following vulnerability has been resolved:

mtk-sd: Prevent memory corruption from DMA map failure

If msdc_prepare_data() fails to map the DMA region, the request is
not prepared for data receiving, but msdc_start_data() proceeds
the DMA with previous setting.
Since this will lead a memory corruption, we have to stop the
request operation soon after the msdc_prepare_data() fails to
prepare it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.2 < 5.4.296
LinuxLinux Kernel Version >= 5.5 < 5.10.240
LinuxLinux Kernel Version >= 5.11 < 5.15.187
LinuxLinux Kernel Version >= 5.16 < 6.1.144
LinuxLinux Kernel Version >= 6.2 < 6.6.97
LinuxLinux Kernel Version >= 6.7 < 6.12.37
LinuxLinux Kernel Version >= 6.13 < 6.15.6
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.065
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/3419bc6a7b65cbbb91417bb9970208478e034c79
Patch
https://git.kernel.org/stable/c/48bf4f3dfcdab02b22581d8e350a2d23130b72c0
Patch
https://git.kernel.org/stable/c/5ac9e9e2e9cd6247d8c2d99780eae4556049e1cc
Patch
https://git.kernel.org/stable/c/61cdd663564674ea21ceb50aa9d3697cbe9e45f9
Patch
https://git.kernel.org/stable/c/63e8953f16acdcb23e2d4dd8a566d3c34df3e200
Patch
https://git.kernel.org/stable/c/a5f5f67b284d81776d4a3eb1f8607e4b7f91f11c
Patch
https://git.kernel.org/stable/c/d54771571f74a82c59830a32e76af78a8e57ac69
Patch
https://git.kernel.org/stable/c/f5de469990f19569627ea0dd56536ff5a13beaa3
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory