Linux Kernel Vulnerability in PATA_VIA Controller Affecting ASRock Products
CVE-2025-38336
What is CVE-2025-38336?
A vulnerability in the PATA_VIA controller within the Linux kernel can lead to a complete system hang, particularly when dealing with ATAPI DMA operations. This issue manifests when attempting to read the ATIP from optical media, such as DVDs, using specific hardware combinations like the NEC DVD_RW ND-4571A or the Optiarc DVD RW AD-7200A installed on the ASRock 990FX Extreme 4 motherboard. Attempts to reproduce the problem in a WinXP environment using a cygwin build of cdrecord also indicate similar system hangs, albeit with less frequency. Unfortunately, no known workarounds exist due to the lack of appropriate drivers from VIA for this OS, although forcing PIO can mitigate the issue.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67d66a5e4583fd3bcf13d6f747e571df13cbad51
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0d9a48dfa934f43ac839211ae4aeba34f666a9a5
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7fc89c218fc96a296a2840b1e37f4e0975f7a108