Buffer Overflow Vulnerability in Qualcomm SoCs due to Device Tree Handling Errors
CVE-2025-39923

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
1 October 2025

What is CVE-2025-39923?

The vulnerability in the Linux kernel arises from inadequate error handling in the DMA Engine driver for Qualcomm's BAM DMA controller. When a device tree lacks specified clock or channel information, the driver continues to probe without necessary safeguards, leading to potential crashes during early boot sequences. This vulnerability exploits the absence of proper error handling, which previously allowed invalid configurations to bypass critical checks. Remediation involves implementing stricter checks for device tree properties, although this may disrupt the functionality of some existing devices, particularly those related to the crypto engine, that have been historically untested.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 48d163b1aa6e7f650c0b7a4f9c61c387a6def868 < 2e257a6125c63350f00dc42b9674f20fd3cf4a9f

Linux 48d163b1aa6e7f650c0b7a4f9c61c387a6def868 < 1d98ba204d8a6db0d986c7f1aefaa0dcd1c007a2

Linux 48d163b1aa6e7f650c0b7a4f9c61c387a6def868 < 6ac1599d0e78036d9d08efc2f58c2d91f0a3ee4c

References

https://git.kernel.org/stable/c/2e257a6125c63350f00dc42b9...
https://git.kernel.org/stable/c/1d98ba204d8a6db0d986c7f1a...
https://git.kernel.org/stable/c/6ac1599d0e78036d9d08efc2f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.