DMA Buffer Management Issue in Linux Kernel
CVE-2025-38533

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38533?

A vulnerability exists in the Linux kernel's network component involving the wx_rx_buffer structure, which contains uninitialized DMA address fields. Specifically, while the 'page_dma' field is initialized and effectively utilized, the 'dma' field remains uninitialized in certain scenarios. This oversight can trigger undefined behavior, potentially leading to DMA errors or use-after-free vulnerabilities if the uninitialized 'dma' address is inadvertently accessed. Although there have been no reported occurrences of such issues, the importance of rectifying this coding behavior is underscored.

Affected Version(s)

Linux 3c47e8ae113a68da47987750d9896e325d0aeedd < 027701180a7bcb64c42eab291133ef0c87b5b6c5

Linux 3c47e8ae113a68da47987750d9896e325d0aeedd

Linux 3c47e8ae113a68da47987750d9896e325d0aeedd < 05c37b574997892a40a0e9b9b88a481566b2367d

References

https://git.kernel.org/stable/c/027701180a7bcb64c42eab291...

https://git.kernel.org/stable/c/ba7c793f96c1c2b944bb6f423...

https://git.kernel.org/stable/c/05c37b574997892a40a0e9b9b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Apr 16, 2025