Memory Corruption Vulnerability in Linux Kernel's SPI NAND Driver by Qualcomm
CVE-2025-38398
What is CVE-2025-38398?
This vulnerability in the Linux kernel's Qualcomm SPI NAND driver is caused by a flaw in memory allocation for BAM transactions, which can lead to memory corruption and system instability. When the driver is tested with the mtd_nandbiterrs module, it may exhibit various failures, including swiotlb mapping issues and kernel panics due to NULL pointer dereferences. The root cause of these failures is inadequate memory allocation for BAM transactions, which can result in the driver accessing memory outside the allocated bounds and behaving unpredictably. Proper memory management practices are recommended to mitigate the effects of this vulnerability.
Affected Version(s)
Linux 7304d1909080ef0c9da703500a97f46c98393fcd < 86fb36de1132b560f9305f0c78fa69f459fa0980
Linux 7304d1909080ef0c9da703500a97f46c98393fcd
Linux 6.15