Linux Kernel Vulnerability in PATA_VIA Controller Affecting ASRock Products
CVE-2025-38336

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
10 July 2025

What is CVE-2025-38336?

A vulnerability in the PATA_VIA controller within the Linux kernel can lead to a complete system hang, particularly when dealing with ATAPI DMA operations. This issue manifests when attempting to read the ATIP from optical media, such as DVDs, using specific hardware combinations like the NEC DVD_RW ND-4571A or the Optiarc DVD RW AD-7200A installed on the ASRock 990FX Extreme 4 motherboard. Attempts to reproduce the problem in a WinXP environment using a cygwin build of cdrecord also indicate similar system hangs, albeit with less frequency. Unfortunately, no known workarounds exist due to the lack of appropriate drivers from VIA for this OS, although forcing PIO can mitigate the issue.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67d66a5e4583fd3bcf13d6f747e571df13cbad51

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0d9a48dfa934f43ac839211ae4aeba34f666a9a5

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7fc89c218fc96a296a2840b1e37f4e0975f7a108

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38336 : Linux Kernel Vulnerability in PATA_VIA Controller Affecting ASRock Products