Buffer Overflow Vulnerability in Qualcomm SoCs due to Device Tree Handling Errors
CVE-2025-39923
What is CVE-2025-39923?
The vulnerability arises from inadequate error handling in the Linux kernel's DMA engine driver for Qualcomm's BAM DMA controller. When a device tree does not specify clock or channel information, the driver continues to probe without the necessary safeguards, which can lead to crashes early in the boot sequence. The missing error handling previously allowed invalid configurations to bypass critical checks. Remediation involves implementing stricter checks for device tree properties, although this may disrupt the functionality of some existing devices, particularly those related to the crypto engine, that have historically been untested.
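Because the stricter checks can stop previously tolerated device trees from probing, the following added example (not code from the kernel or from this advisory) scans device tree source for BAM nodes that have no clock and lack channel information. The `qcom,bam-` compatible prefix and the `clocks`, `num-channels`, `qcom,num-ees` and `qcom,controlled-remotely` property names are assumptions taken from the upstream binding rather than from this page, the rule "no clock requires both counts" is an assumed reading of the fix, and the DTS fragment is constructed.

```python
import re

# Assumption: property names as in the upstream qcom BAM DMA binding; a node
# without "clocks" is assumed to need both of these to pass the stricter probe.
REQUIRED_WITHOUT_CLOCK = ("num-channels", "qcom,num-ees")
LEAF_NODE = re.compile(r"([\w,.+-]+@[0-9a-fA-F]+)\s*\{([^{}]*)\}")

# Constructed sample, not taken from any real board file.
SAMPLE_DTS = """
soc {
    dma-controller@1000 {      /* clocked: driver can power the BAM itself */
        compatible = "qcom,bam-v1.7.0";
        clocks = <&gcc 1>;
    };
    dma-controller@2000 {      /* no clock, but fully described in DT */
        compatible = "qcom,bam-v1.7.0";
        qcom,controlled-remotely;
        num-channels = <16>;
        qcom,num-ees = <4>;
    };
    dma-controller@3000 {      /* no clock and no counts: the risky case */
        compatible = "qcom,bam-v1.7.0";
        qcom,controlled-remotely;
    };
    serial@4000 { compatible = "vendor,uart"; };
};
"""

def audit_bam_nodes(dts):
    """Return {node: [missing properties]} for clock-less BAM leaf nodes."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", dts, flags=re.S)  # drop comments
    findings = {}
    for name, body in LEAF_NODE.findall(text):
        if not re.search(r'compatible\s*=[^;]*"qcom,bam-', body):
            continue  # not a BAM DMA controller
        # Property name is whatever precedes "=" (or the whole boolean flag).
        props = {s.split("=", 1)[0].strip() for s in body.split(";") if s.strip()}
        if "clocks" in props:
            continue  # a clock is specified, so DT counts are not mandatory
        missing = [p for p in REQUIRED_WITHOUT_CLOCK if p not in props]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for node, missing in audit_bam_nodes(SAMPLE_DTS).items():
        print(f"{node}: no clocks and missing {', '.join(missing)}")
```

The scan only sees leaf nodes in a single source file; for a shipped image, decompile the DTB with `dtc -I dtb -O dts` first so includes and overlays are already merged.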
Affected Version(s)
Linux 48d163b1aa6e7f650c0b7a4f9c61c387a6def868 < 555bd16351a35c79efb029a196975a5a27f7fbc4
Linux 48d163b1aa6e7f650c0b7a4f9c61c387a6def868
Linux 48d163b1aa6e7f650c0b7a4f9c61c387a6def868 < 1fc14731f0be4885e60702b9596d14d9a79cf053