Memory Management Vulnerability in i.MX8MP and i.MX9 by NXP
CVE-2025-38152

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 April 2025

Summary

A vulnerability has been identified in the Linux kernel affecting the NXP i.MX8MP and i.MX9 processors. The issue arises when a remote processor (rproc) is started with a firmware that lacks a resource table, leading to potential kernel dumps during operation. Specifically, during the rproc shutdown, the cached resource table is set to NULL, but the corresponding table size remains valid. This misalignment triggers a kernel NULL pointer dereference when an attempt is made to perform a memory copy operation. This flaw can compromise system stability and reliability, necessitating immediate attention from developers and system administrators.

Affected Version(s)

Linux 9dc9507f1880fb6225e3e058cb5219b152cbf198 < 6e66bca8cd51ebedd5d32426906a38e4a3c69c5f

Linux 9dc9507f1880fb6225e3e058cb5219b152cbf198

Linux 9dc9507f1880fb6225e3e058cb5219b152cbf198 < 7c6bb82a6f3da6ab2d3fbea03901482231708b98

References

https://git.kernel.org/stable/c/6e66bca8cd51ebedd5d324269...

https://git.kernel.org/stable/c/e6015ca453b82ec54aec9682d...

https://git.kernel.org/stable/c/7c6bb82a6f3da6ab2d3fbea03...

Timeline

Vulnerability published
Apr 18, 2025
Vulnerability Reserved
Apr 16, 2025