CVE-2025-39869
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size. This caused out-of-bounds memory writes when accessing: queue_priority_map[i][0] = i; queue_priority_map[i][1] = i; The bug manifested as kernel crashes with "Oops - undefined instruction" on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the memory corruption triggered kernel hardening features on Clang. Change the allocation to use sizeof(*queue_priority_map) which automatically gets the correct size for the 2D array structure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39869
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a critical memory allocation bug in the Linux kernel's EDMA driver. Specifically, the queue_priority_map was allocated with insufficient memory because the code used sizeof(s8) instead of the correct size for a 2D array. This caused out-of-bounds memory writes when the code accessed elements of queue_priority_map, leading to memory corruption and kernel crashes on ARM platforms during the EDMA driver probe.

Impact Analysis

The vulnerability can cause kernel crashes due to out-of-bounds memory writes and memory corruption. On affected ARM platforms, such as BeagleBoard-X15, this can result in system instability or denial of service during the EDMA driver initialization, potentially disrupting normal operation.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the memory allocation size in the edma driver (specifically the fix in edma_setup_from_hw() for queue_priority_map). This prevents out-of-bounds memory writes and kernel crashes on affected ARM platforms.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39869. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart