7.1
CVE-2025-39869
- EPSS 0.14%
- Veröffentlicht 23.09.2025 06:15:46
- Zuletzt bearbeitet 20.01.2026 20:41:15
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size. This caused out-of-bounds memory writes when accessing: queue_priority_map[i][0] = i; queue_priority_map[i][1] = i; The bug manifested as kernel crashes with "Oops - undefined instruction" on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the memory corruption triggered kernel hardening features on Clang. Change the allocation to use sizeof(*queue_priority_map) which automatically gets the correct size for the 2D array structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.4 < 5.4.300
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.245
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.194
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.153
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.107
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.48
Linux ≫ Linux Kernel Version >= 6.13 < 6.16.8
Linux ≫ Linux Kernel Version6.17 Updaterc1
Linux ≫ Linux Kernel Version6.17 Updaterc2
Linux ≫ Linux Kernel Version6.17 Updaterc3
Linux ≫ Linux Kernel Version6.17 Updaterc4
Linux ≫ Linux Kernel Version6.17 Updaterc5
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.039 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/069fd1688c57c0cc8a3de64d108579b31676f74b
https://git.kernel.org/stable/c/1baed10553fc8b388351d8fc803e3ae6f1a863bc
https://git.kernel.org/stable/c/5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93
https://git.kernel.org/stable/c/d5e82f3f2c918d446df46e8d65f8083fd97cdec5
https://git.kernel.org/stable/c/e63419dbf2ceb083c1651852209c7f048089ac0f
https://git.kernel.org/stable/c/301a96cc4dc006c9a285913d301e681cfbf7edb6
https://git.kernel.org/stable/c/7d4de60d6db02d9b01d5890d5156b04fad65d07a
https://git.kernel.org/stable/c/d722de80ce037dccf6931e778f4a46499d51bdf9
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html