Memory Corruption in Linux Kernel's DMA Engine Component
CVE-2025-38538
What is CVE-2025-38538?
A vulnerability has been identified in the Linux kernel's DMA engine component, specifically in the nbpfaxi driver, where loops overrun an allocated array and can corrupt memory. The loops iterate too far and access the nbpf->chan[] array beyond its allocated size. The fix also adds a check to the loop that copies data from the irqbuf[] array, so that the copy cannot fall out of step with its source. With these changes, the flaws in the original code that could result in erroneous iteration and a subsequent error return have been addressed.
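The overshoot and the bounded copy described above, as an added example: a simplified user-space C model, not the nbpfaxi driver's code or the upstream patch. The struct, the function names, the sample IRQ numbers and the skipped entry (skip_irq) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model; not the nbpfaxi driver source. */
struct chan_model { int irq; };

/* Counts the elements a loop bounded by "i <= num_channels" touches.
 * It only counts, so the model itself never writes out of bounds. */
static size_t touched_inclusive(size_t num_channels)
{
    size_t i, n = 0;

    for (i = 0; i <= num_channels; i++)
        n++;                       /* one more than chan[] holds */
    return n;
}

/* Bounded copy: fills exactly num_channels entries of chan[] from irqbuf[],
 * skipping skip_irq (assumed: an entry with no channel of its own).
 * Returns 0 on success, -1 if irqbuf[] runs out before chan[] is full. */
static int assign_irqs(struct chan_model *chan, size_t num_channels,
                       const int *irqbuf, size_t irqs, int skip_irq)
{
    size_t i = 0, c = 0;

    while (c < num_channels) {
        if (i >= irqs)
            return -1;             /* source exhausted: do not read past it */
        if (irqbuf[i] == skip_irq) {
            i++;                   /* the two indices drift apart here */
            continue;
        }
        chan[c++].irq = irqbuf[i++];
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: 3 channels, 4 IRQ numbers, 41 is the skipped one. */
    const int irqbuf[] = { 40, 41, 42, 43 };
    struct chan_model chan[3];

    printf("inclusive loop touches %zu of 3 slots\n", touched_inclusive(3));
    printf("bounded copy -> %d\n", assign_irqs(chan, 3, irqbuf, 4, 41));
    return 0;
}
```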
Affected Version(s)
Linux b45b262cefd5b8eb2ba88d20e5bd295881293894
Linux b45b262cefd5b8eb2ba88d20e5bd295881293894 < 4bb016438335ec02b01f96bf1367378c2bfe03e5
Linux b45b262cefd5b8eb2ba88d20e5bd295881293894 < 122160289adf8ebf15060f1cbf6265b55a914948