Linux Kernel Vulnerability in Rawnand DMA Device Management
CVE-2025-68238

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-68238?

A vulnerability exists in the Linux kernel related to the management of DMA devices within the rawnand subsystem. The issue arises when the DMA device pointer dma_dev is dereferenced without confirming that the cdns_ctrl->dmac is properly initialized. This flaw can lead to unexpected behavior or system instability. The proper mitigation involves ensuring that the assignment of dma_dev occurs only after the successful acquisition of the DMA channel, thus providing a valid pointer before its use. This enhancement aims to safeguard against potential exploitation and improve overall system reliability.

Affected Version(s)

Linux 0cae7c285f4771a9927ef592899234d307aea5d4 < 2178b0255eae108bb10e5e99658b28641bc06f43

Linux 099a316518508be7c57de4134ef919b2dea948ce < 9c58c64ec41290c12490ca7e1df45013fbbb41fd

Linux e630d32162a8aab92d4aaebae0a8d93039257593

References

https://git.kernel.org/stable/c/2178b0255eae108bb10e5e996...

https://git.kernel.org/stable/c/9c58c64ec41290c12490ca7e1...

https://git.kernel.org/stable/c/e282a4fdf3c6ee842a720010a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 16, 2025

JSON