CVE-2025-38401
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mtk-sd driver where, if the function msdc_prepare_data() fails to map the DMA region, the subsequent function msdc_start_data() still proceeds with DMA using previous settings. This leads to memory corruption because the request is not properly prepared for data receiving after the failure.
How can this vulnerability impact me? :
The vulnerability can cause memory corruption in the system running the affected Linux kernel. Memory corruption can lead to system instability, crashes, data corruption, or potential exploitation by attackers to execute arbitrary code or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the mtk-sd DMA map failure issue. This fix prevents memory corruption by stopping the request operation if msdc_prepare_data() fails. Applying the latest kernel patches or updates from your Linux distribution vendor is recommended.