Overlapping Mappings in STM32's NAND Controller
CVE-2025-39907

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-39907?

A vulnerability has been identified in the STM32MP257F's NAND controller regarding overlapping mappings on the ECC buffer. This issue can lead to cacheline tracking errors and improper handling of DMA mappings, potentially compromising data integrity during NAND operations. To mitigate this, the affected Linux kernel components have been revised to utilize a contiguous non-cacheable buffer, which prevents the occurrence of overlapping mappings. Users are advised to update their systems to ensure the reliability and security of their operations.

Affected Version(s)

Linux 2cd457f328c100bc98e36d55fe210e9ab067c704 < 75686c49574dd5f171ca682c18717787f1d8d55e

Linux 2cd457f328c100bc98e36d55fe210e9ab067c704 < 06d8ef8f853752fea88c8d5bb093a40e71b330cf

Linux 2cd457f328c100bc98e36d55fe210e9ab067c704 < 26adba1e7d7924174e15a3ba4b1132990786300b

References

https://git.kernel.org/stable/c/75686c49574dd5f171ca682c1...

https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb...

https://git.kernel.org/stable/c/26adba1e7d7924174e15a3ba4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Apr 16, 2025

JSON