CVE-2025-38336
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-12-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330

The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of what happened. Depending on the device attached, it can also prevent the system from booting.

In this case, the system hangs when reading the ATIP from optical media with cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an Optiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4, running at UDMA/33.

The issue can be reproduced by running the same command with a cygwin build of cdrecord on WinXP, although it requires more attempts to cause it. The hang in that case is also resolved by forcing PIO. It doesn't appear that VIA has produced any drivers for that OS, thus no known workaround exists.

HDDs attached to the controller do not suffer from any DMA issues.

Meta Information
Published: 2025-07-10
Last Modified: 2025-12-16
Generated: 2026-05-07
AI Q&A: 2025-07-10
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 3 associated CPEs
Vendor    Product         Version / Range
linux     linux_kernel    From 5.11 (inc) to 5.15.186 (inc)
linux     linux_kernel    6.16
debian    debian_linux    11.0

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability stems from a hardware bug in the VIA VT6415/VT6330 controller, which Linux drives through the pata_via driver. When ATAPI devices (such as certain DVD drives) use DMA (Direct Memory Access) on this controller, the system can hard hang without any trace of what happened. In the reported case the hang occurred when reading ATIP data from optical media with specific DVD drives; depending on the attached device, the bug can also prevent the system from booting. The kernel fix forces PIO (Programmed Input/Output) mode instead of DMA for ATAPI devices on these controllers.


How can this vulnerability impact me?

This vulnerability can cause your system to hard hang (freeze completely) when accessing certain optical drives via DMA, potentially preventing the system from booting. This can disrupt normal operations, cause data access interruptions, and require manual intervention to recover the system. The problem specifically affects ATAPI devices on the VIA VT6415/VT6330 controller when using DMA, but not HDDs attached to the same controller.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the system hang when reading the ATIP from optical media using the command: cdrecord -vvv -atip on affected devices such as NEC DVD_RW ND-4571A or Optiarc DVD RW AD-7200A attached to a VT6415/VT6330 controller. Observing a system hang during this operation indicates the presence of the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, force PIO mode instead of DMA for ATAPI devices on the affected VIA controllers (VT6415/VT6330). This is what the resolved pata_via driver does: with PIO forced, the ATAPI DMA transfers that trigger the hardware bug no longer take place, which avoids the hang.
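
A non-disruptive complement to the detection and mitigation answers above, as an added example that is not part of the original page or of the kernel project: it reads libata's boot messages and reports whether each ATAPI device on a PATA port was configured for DMA or PIO. The log excerpt is constructed, the function name `atapi_transfer_modes` is hypothetical, and the script does not identify the controller, so confirm separately that the port belongs to a VT6415/VT6330.

```python
import re

# Constructed kernel log excerpt in libata's usual message format (not from a real host).
SAMPLE_DMESG = """\
[    1.912004] ata1: SATA max UDMA/133 abar m1024@0xfe20b000 port 0xfe20b100 irq 19
[    1.934511] ata5: PATA max UDMA/133 cmd 0xd040 ctl 0xd030 bmdma 0xd000 irq 16
[    1.934688] ata6: PATA max UDMA/133 cmd 0xd020 ctl 0xd010 bmdma 0xd008 irq 16
[    2.240117] ata1.00: ATA-8: EXAMPLE HDD 1TB, 01.0, max UDMA/133
[    2.241903] ata1.00: configured for UDMA/133
[    2.402318] ata5.00: ATAPI: Optiarc DVD RW AD-7200A, 1.06, max UDMA/66
[    2.418765] ata5.00: configured for UDMA/33
[    2.590122] ata6.00: ATAPI: EXAMPLE DVD-ROM, 1.00, max UDMA/33
[    2.606554] ata6.00: configured for PIO4
"""

PORT_RE = re.compile(r"\b(ata\d+): ([SP])ATA max ")            # port announcement
ATAPI_RE = re.compile(r"\b(ata\d+)\.(\d+): ATAPI: (.+?), ")    # ATAPI device identity
MODE_RE = re.compile(r"\b(ata\d+)\.(\d+): configured for (\S+)")  # negotiated mode


def atapi_transfer_modes(dmesg_text):
    """Return [(device, model, mode, uses_dma)] for ATAPI devices on PATA ports."""
    pata_ports, models, modes = set(), {}, {}
    for line in dmesg_text.splitlines():
        if m := PORT_RE.search(line):
            if m.group(2) == "P":
                pata_ports.add(m.group(1))
        elif m := ATAPI_RE.search(line):
            models[(m.group(1), m.group(2))] = m.group(3)
        elif m := MODE_RE.search(line):
            # Later lines win: libata may reconfigure a device after error recovery.
            modes[(m.group(1), m.group(2))] = m.group(3)
    report = []
    for (port, dev), model in sorted(models.items()):
        if port not in pata_ports or (port, dev) not in modes:
            continue  # SATA-attached or never configured: out of scope here
        mode = modes[(port, dev)]
        uses_dma = mode.startswith(("UDMA", "MWDMA"))
        report.append((f"{port}.{dev}", model, mode, uses_dma))
    return report


if __name__ == "__main__":
    for dev, model, mode, uses_dma in atapi_transfer_modes(SAMPLE_DMESG):
        print(f"{dev} {model}: {mode} -> {'DMA in use' if uses_dma else 'PIO'}")
```

On a live host, pass the kernel log text (for example the output of `dmesg`) instead of the sample. An ATAPI device on the affected controller that still shows a UDMA or MWDMA mode is running without forced PIO.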

