CVE-2025-38300
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare(): 1] If dma_map_sg() fails for areq->dst, the device driver would try to free DMA memory it has not allocated in the first place. To fix this, on the "theend_sgs" error path, call dma unmap only if the corresponding dma map was successful. 2] If the dma_map_single() call for the IV fails, the device driver would try to free an invalid DMA memory address on the "theend_iv" path: ------------[ cut here ]------------ DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90 Modules linked in: skcipher_example(O+) CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT Tainted: [O]=OOT_MODULE Hardware name: OrangePi Zero2 (DT) pc : check_unmap+0x123c/0x1b90 lr : check_unmap+0x123c/0x1b90 ... Call trace: check_unmap+0x123c/0x1b90 (P) debug_dma_unmap_page+0xac/0xc0 dma_unmap_page_attrs+0x1f4/0x5fc sun8i_ce_cipher_do_one+0x1bd4/0x1f40 crypto_pump_work+0x334/0x6e0 kthread_worker_fn+0x21c/0x438 kthread+0x374/0x664 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- To fix this, check for !dma_mapping_error() before calling dma_unmap_single() on the "theend_iv" path.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-07-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38300
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's sun8i-ce-cipher driver, where error handling for DMA (Direct Memory Access) cleanup was incorrect. Specifically, if certain DMA mapping functions fail, the driver attempts to free DMA memory that was never allocated or is invalid. This can lead to warnings or errors in the kernel, potentially causing instability or crashes. The fix involves checking if the DMA mapping was successful before attempting to unmap (free) the DMA memory.


How can this vulnerability impact me? :

The impact of this vulnerability could include kernel warnings, instability, or crashes due to improper freeing of DMA memory. This could affect system reliability and potentially cause denial of service if the kernel becomes unstable or crashes when the driver encounters these error conditions.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability relates to error handling in the sun8i-ce-cipher driver in the Linux kernel, specifically involving DMA cleanup issues. Detection would involve monitoring kernel logs for warnings or errors related to DMA unmapping failures. You can check the kernel log for messages similar to 'device driver tries to free an invalid DMA memory address' or warnings from dma debug functions. Suggested commands include: `dmesg | grep -i dma`, `dmesg | grep -i sun8i`, or `journalctl -k | grep -i dma` to look for relevant error messages indicating the issue.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is fixed, as the issue is resolved by correcting error handling in the sun8i_ce_cipher_prepare() function. If updating is not immediately possible, monitoring kernel logs for the described errors and avoiding use of the affected crypto driver on vulnerable hardware may reduce risk. However, the primary fix is applying the patch that checks for dma mapping errors before unmapping DMA memory.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart