Soundwire Vulnerability in Dragonboard 845c by Qualcomm
CVE-2025-38486
What is CVE-2025-38486?
A vulnerability in the Soundwire subsystem of the Linux kernel has been identified, specifically affecting the Dragonboard 845c platform. The root cause stems from a reverted patch that introduced inconsistencies in memory handling and array indexing. Notably, the faulty code manipulates the ctrl->pconfig[] structure incorrectly, leading to memory corruption and potential kernel panic, characterized by an unexpected kernel BRK exception at EL1. Additionally, the issues reported highlight a misalignment in the expected number of elements within the tx_ch[] array versus the allocated memory in the ctrl->pconfig[] array. This vulnerability not only compromises the stability of the Dragonboard 845c but also raises concerns about the reliability of future patches and updates within the Soundwire framework.
Affected Version(s)
Linux 7796c97df6b1b2206681a07f3c80f6023a6593d5 < 207cea8b72fcbdf4e6db178e54186ed4f1514b3c
Linux 7796c97df6b1b2206681a07f3c80f6023a6593d5 < 834bce6a715ae9a9c4dce7892454a19adf22b013
Linux 6.15