CVE-2025-39923
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-powered BAM instances. In this case, we need to read num-channels from the DT to have all the necessary information to complete probing. However, at the moment invalid device trees without clock and without num-channels still continue probing, because the error handling is missing return statements. The driver will then later try to read the number of channels from the registers. This is unsafe, because it relies on boot firmware and lucky timing to succeed. Unfortunately, the lack of proper error handling here has been abused for several Qualcomm SoCs upstream, causing early boot crashes in several situations [1, 2]. Avoid these early crashes by erroring out when any of the required DT properties are missing. Note that this will break some of the existing DTs upstream (mainly BAM instances related to the crypto engine). However, clearly these DTs have never been tested properly, since the error in the kernel log was just ignored. It's safer to disable the crypto engine for these broken DTBs. [1]: https://lore.kernel.org/r/[email protected]/ [2]: https://lore.kernel.org/r/[email protected]/
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-11-03
Generated
2026-05-06
AI Q&A
2025-10-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39923
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux 6.1.153
qualcomm bam_dma *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's dmaengine driver for Qualcomm BAM DMA. It occurs because the driver lacks proper error handling when required device tree (DT) properties like 'clock' and 'num-channels' are missing. Without these properties, the driver continues probing unsafely, relying on boot firmware and timing, which can cause early boot crashes on several Qualcomm SoCs. The fix involves adding error returns when these DT properties are missing to prevent unsafe probing and crashes.


How can this vulnerability impact me? :

This vulnerability can cause early boot crashes on devices using affected Qualcomm SoCs due to improper handling of missing device tree properties in the BAM DMA driver. This can lead to system instability or failure to boot properly, especially in cases where BAM instances are remotely controlled or powered and lack proper clock specification in the device tree.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the kernel logs for error messages related to the BAM DMA driver probing process, specifically errors indicating missing device tree properties such as 'clock' or 'num-channels'. There are no specific commands provided to detect this vulnerability directly, but reviewing dmesg or journalctl logs for such errors is recommended.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that device trees for Qualcomm SoCs correctly specify the required 'clock' and 'num-channels' properties for BAM DMA instances. If broken device trees are detected, disable the related crypto engine to avoid early boot crashes. Applying the kernel patch that fixes the error handling in the bam_dma driver is also necessary.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart