CVE-2025-40356
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockchip | rockchip_sfc | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's rockchip-sfc SPI driver involves incorrect usage of the DMA-API. The driver was using virt_to_phys() to get the physical address of the transfer buffer instead of the proper dma_map_single() call. This misuse caused a DMA-API debug warning because the driver tried to synchronize DMA memory it had not allocated correctly. The fix replaces the incorrect method with the correct dma_map_single() call to properly obtain the DMA address.
How can this vulnerability impact me?
The impact of this vulnerability is primarily related to incorrect DMA memory synchronization, which can lead to system instability or unexpected behavior in the SPI driver. It may cause debug warnings and potentially affect data integrity during SPI memory operations, but no direct security impact such as privilege escalation or data leakage is indicated.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the kernel logs for the specific DMA-API debug warning related to the rockchip-sfc driver. You can use the command 'dmesg | grep -i dma-api' or 'journalctl -k | grep -i dma-api' to look for messages like: 'DMA-API: rockchip-sfc fe300000.spi: device driver tries to sync DMA memory it has not allocated'. This indicates the presence of the issue.
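The log check described above, as an added example that is not part of the original advisory or the kernel project: a shell function that counts the quoted warning per device for one driver and accepts both dmesg and journalctl -k line formats. The function name, the sample log lines and the `example-drv` driver are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): count the DMA-API "sync ... not
# allocated" warning per device for one driver. Reads kernel log text on stdin.
# Live use:  dmesg | dma_api_sync_hits      journalctl -k | dma_api_sync_hits

dma_api_sync_hits() {
    driver="${1:-rockchip-sfc}"   # driver name as printed after "DMA-API: "
    awk -v drv="$driver" '
        {
            # Skip any prefix (dmesg timestamp or journalctl header).
            i = index($0, "DMA-API: ")
            if (i == 0) next
            msg = substr($0, i + 9)
            # Keep only the warning text quoted in the advisory.
            if (index(msg, "tries to sync DMA memory it has not allocated") == 0) next
            n = split(msg, f, " ")
            if (n < 2 || f[1] != drv) next
            dev = f[2]
            sub(/:$/, "", dev)    # "fe300000.spi:" -> "fe300000.spi"
            count[dev]++
        }
        END { for (d in count) printf "%s %s %d\n", drv, d, count[d] }
    ' | sort
}

# Constructed sample log: timestamps, host name, the example-drv driver and the
# non-matching lines are invented; the warning text is the one quoted above.
sample_log() {
    cat <<'EOF'
[   12.345678] DMA-API: rockchip-sfc fe300000.spi: device driver tries to sync DMA memory it has not allocated
[   13.000000] constructed unrelated kernel message
Dec 16 10:00:01 host kernel: DMA-API: rockchip-sfc fe300000.spi: device driver tries to sync DMA memory it has not allocated
[   14.000000] DMA-API: example-drv 1000.dev: device driver tries to sync DMA memory it has not allocated
[   15.000000] DMA-API: rockchip-sfc fe300000.spi: constructed different warning text
EOF
}

# Stand-alone run on the sample; prints: rockchip-sfc fe300000.spi 2
sample_log | dma_api_sync_hits rockchip-sfc
```

DMA-API warnings are printed only by kernels built with CONFIG_DMA_API_DEBUG, so an empty result on a kernel without that option does not show that the driver is fixed.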
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Linux kernel to a version where the rockchip-sfc driver uses the correct DMA-API dma_map_single() call instead of virt_to_phys(). This fix resolves the DMA-API debug warning and prevents improper DMA memory synchronization. If updating the kernel is not immediately possible, monitoring for the debug warning and avoiding workloads that trigger the issue may reduce risk.