CVE-2025-38486
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

soundwire: Revert "soundwire: qcom: Add set_channel_map api support"

This reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5.

This patch broke Dragonboard 845c (sdm845). I see:

    Unexpected kernel BRK exception at EL1
    Internal error: BRK handler: 00000000f20003e8 [#1] SMP
    pc : qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom]
    lr : snd_soc_dai_set_channel_map+0x34/0x78
    Call trace:
     qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom] (P)
     sdm845_dai_init+0x18c/0x2e0 [snd_soc_sdm845]
     snd_soc_link_init+0x28/0x6c
     snd_soc_bind_card+0x5f4/0xb0c
     snd_soc_register_card+0x148/0x1a4
     devm_snd_soc_register_card+0x50/0xb0
     sdm845_snd_platform_probe+0x124/0x148 [snd_soc_sdm845]
     platform_probe+0x6c/0xd0
     really_probe+0xc0/0x2a4
     __driver_probe_device+0x7c/0x130
     driver_probe_device+0x40/0x118
     __device_attach_driver+0xc4/0x108
     bus_for_each_drv+0x8c/0xf0
     __device_attach+0xa4/0x198
     device_initial_probe+0x18/0x28
     bus_probe_device+0xb8/0xbc
     deferred_probe_work_func+0xac/0xfc
     process_one_work+0x244/0x658
     worker_thread+0x1b4/0x360
     kthread+0x148/0x228
     ret_from_fork+0x10/0x20
    Kernel panic - not syncing: BRK handler: Fatal exception

Dan has also reported following issues with the original patch
https://lore.kernel.org/all/[email protected]/

Bug #1: The zeroeth element of ctrl->pconfig[] is supposed to be unused. We start counting at 1. However this code sets ctrl->pconfig[0].ch_mask = 128.

Bug #2: There are SLIM_MAX_TX_PORTS (16) elements in tx_ch[] array but only QCOM_SDW_MAX_PORTS + 1 (15) in the ctrl->pconfig[] array so it corrupts memory like Yongqin Liu pointed out.

Bug 3: Like Jie Gan pointed out, it erases all the tx information with the rx information.
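The array-size mismatch behind Bug #1 and Bug #2, as an added example that is not the driver's code and not part of the original advisory: a simplified C model built only from the two sizes and the ch_mask field quoted above. The names model_ctrl, model_port_config, set_map_unchecked and set_map_checked are hypothetical, and mapping slot i to port i + 1 is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Sizes quoted in the description; everything else is a constructed model. */
#define SLIM_MAX_TX_PORTS  16
#define QCOM_SDW_MAX_PORTS 14  /* pconfig[] holds QCOM_SDW_MAX_PORTS + 1 = 15 */

struct model_port_config { unsigned int ch_mask; };
struct model_ctrl {
    struct model_port_config pconfig[QCOM_SDW_MAX_PORTS + 1]; /* [0] unused */
    unsigned int canary;  /* stands in for whatever follows pconfig[] */
};

/* Pattern behind Bug #1 and Bug #2: starts at index 0 and trusts the
 * caller's count, so num = 16 would write pconfig[15], one past the end. */
static void set_map_unchecked(struct model_ctrl *c, unsigned int num,
                              const unsigned int *slot)
{
    for (unsigned int i = 0; i < num; i++)
        c->pconfig[i].ch_mask = slot[i];
}

/* Hardened form: reject counts the destination cannot hold and leave
 * index 0 untouched by mapping slot[i] to port i + 1 (assumed mapping). */
static int set_map_checked(struct model_ctrl *c, unsigned int num,
                           const unsigned int *slot)
{
    if (!c || !slot || num > QCOM_SDW_MAX_PORTS)
        return -EINVAL;
    for (unsigned int i = 0; i < num; i++)
        c->pconfig[i + 1].ch_mask = slot[i];
    return 0;
}

int main(void)
{
    struct model_ctrl c;
    unsigned int slot[SLIM_MAX_TX_PORTS];  /* constructed sample input */

    for (unsigned int i = 0; i < SLIM_MAX_TX_PORTS; i++)
        slot[i] = 128u + i;
    memset(&c, 0, sizeof(c));
    set_map_unchecked(&c, 1, slot);  /* in-bounds count, still hits [0] */
    printf("unchecked: pconfig[0].ch_mask = %u\n", c.pconfig[0].ch_mask);
    printf("checked, 16 slots: %d\n", set_map_checked(&c, SLIM_MAX_TX_PORTS, slot));
    printf("checked, 14 slots: %d\n", set_map_checked(&c, QCOM_SDW_MAX_PORTS, slot));
    return 0;
}
```

The model does not address Bug 3; keeping tx and rx settings from overwriting each other depends on driver design that the page does not describe.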
Meta Information
Published: 2025-07-28
Last Modified: 2025-11-19
Generated: 2026-05-07
AI Q&A: 2025-07-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 7 associated CPEs

Vendor   Product        Version / Range
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   6.16
linux    linux_kernel   6.16
linux    linux_kernel   6.16
linux    linux_kernel   6.16
linux    linux_kernel   6.16
linux    linux_kernel   6.16
CWE ID Description
CWE-NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is related to a faulty patch in the Linux kernel's soundwire Qualcomm driver, specifically affecting the Dragonboard 845c (sdm845). The patch introduced a kernel BRK exception causing a fatal kernel panic due to improper handling of channel mapping in the soundwire_qcom driver. The issues include incorrect use of array indices leading to memory corruption and overwriting of transmit (tx) information with receive (rx) information, which breaks the sound subsystem on affected devices.


How can this vulnerability impact me?

This vulnerability can cause the affected device to experience kernel panics and crashes, leading to system instability or complete failure of the sound subsystem. Devices like the Dragonboard 845c running the affected Linux kernel version may become unusable or unreliable for audio functions until the patch is reverted or fixed.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel logs for specific error messages related to the soundwire_qcom module on affected devices such as Dragonboard 845c. Look for kernel BRK exceptions at EL1 and internal errors referencing qcom_swrm_set_channel_map. Commands to check kernel logs include: 'dmesg | grep BRK', 'dmesg | grep soundwire_qcom', or 'journalctl -k | grep BRK'. Monitoring for kernel panics with messages like 'Kernel panic - not syncing: BRK handler: Fatal exception' can also indicate the presence of this issue.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to apply the patch that reverts the problematic commit 7796c97df6b1b2206681a07f3c80f6023a6593d5 in the Linux kernel soundwire_qcom driver. This reversion fixes the issues causing kernel panics and memory corruption on affected devices such as the Dragonboard 845c. Until the patch is applied, avoid using the affected soundwire_qcom functionality or hardware that triggers this code path to prevent kernel crashes.

