7.1

CVE-2025-39869

dmaengine: ti: edma: Fix memory allocation size for queue_priority_map

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: edma: Fix memory allocation size for queue_priority_map

Fix a critical memory allocation bug in edma_setup_from_hw() where
queue_priority_map was allocated with insufficient memory. The code
declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),
but allocated memory using sizeof(s8) instead of the correct size.

This caused out-of-bounds memory writes when accessing:
  queue_priority_map[i][0] = i;
  queue_priority_map[i][1] = i;

The bug manifested as kernel crashes with "Oops - undefined instruction"
on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the
memory corruption triggered kernel hardening features on Clang.

Change the allocation to use sizeof(*queue_priority_map) which
automatically gets the correct size for the 2D array structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4 < 5.4.300
LinuxLinux Kernel Version >= 5.5 < 5.10.245
LinuxLinux Kernel Version >= 5.11 < 5.15.194
LinuxLinux Kernel Version >= 5.16 < 6.1.153
LinuxLinux Kernel Version >= 6.2 < 6.6.107
LinuxLinux Kernel Version >= 6.7 < 6.12.48
LinuxLinux Kernel Version >= 6.13 < 6.16.8
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
LinuxLinux Kernel Version6.17 Updaterc3
LinuxLinux Kernel Version6.17 Updaterc4
LinuxLinux Kernel Version6.17 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.039
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/069fd1688c57c0cc8a3de64d108579b31676f74b
Patch
https://git.kernel.org/stable/c/1baed10553fc8b388351d8fc803e3ae6f1a863bc
Patch
https://git.kernel.org/stable/c/5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93
Patch
https://git.kernel.org/stable/c/d5e82f3f2c918d446df46e8d65f8083fd97cdec5
Patch
https://git.kernel.org/stable/c/e63419dbf2ceb083c1651852209c7f048089ac0f
Patch
https://git.kernel.org/stable/c/301a96cc4dc006c9a285913d301e681cfbf7edb6
Patch
https://git.kernel.org/stable/c/7d4de60d6db02d9b01d5890d5156b04fad65d07a
Patch
https://git.kernel.org/stable/c/d722de80ce037dccf6931e778f4a46499d51bdf9
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List