CVE-2025-38005

MEDIUM EPSS 6.2%
Published Jun 18, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jun 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238 [ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28 [ 4.144867] Hardware name: pp-v12 (DT) [ 4.148648] Workqueue: events udma_check_tx_completion [ 4.153841] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.160834] pc : udma_start.isra.0+0x34/0x238 [ 4.165227] lr : udma_start.isra.0+0x30/0x238 [ 4.169618] sp : ffffffc083cabcf0 [ 4.172963] x29: ffffffc083cabcf0 x28: 0000000000000000 x27: ffffff800001b005 [ 4.180167] x26: ffffffc0812f0000 x25: 0000000000000000 x24: 0000000000000000 [ 4.187370] x23: 0000000000000001 x22: 00000000e21eabe9 x21: ffffff8000fa0670 [ 4.194571] x20: ffffff8001b6bf00 x19: ffffff8000fa0430 x18: ffffffc083b95030 [ 4.201773] x17: 0000000000000000 x16: 00000000f0000000 x15: 0000000000000048 [ 4.208976] x14: 0000000000000048 x13: 0000000000000000 x12: 0000000000000001 [ 4.216179] x11: ffffffc08151a240 x10: 0000000000003ea1 x9 : ffffffc08046ab68 [ 4.223381] x8 : ffffffc083cabac0 x7 : ffffffc081df3718 x6 : 0000000000029fc8 [ 4.230583] x5 : ffffffc0817ee6d8 x4 : 0000000000000bc0 x3 : 0000000000000000 [ 4.237784] x2 : 0000000000000000 x1 : 00000000001fffff x0 : 0000000000000000 [ 4.244986] Call trace: [ 4.247463] udma_start.isra.0+0x34/0x238 [ 4.251509] udma_check_tx_completion+0xd0/0xdc [ 4.256076] process_one_work+0x244/0x3fc [ 4.260129] process_scheduled_works+0x6c/0x74 [ 4.264610] worker_thread+0x150/0x1dc [ 4.268398] kthread+0xd8/0xe8 [ 4.271492] ret_from_fork+0x10/0x20 [ 4.275107] irq event stamp: 220 [ 4.278363] hardirqs last enabled at (219): [<ffffffc080a27c7c>] _raw_spin_unlock_irq+0x38/0x50 [ 4.287183] hardirqs last disabled at (220): [<ffffffc080a1c154>] el1_dbg+0x24/0x50 [ 4.294879] softirqs last enabled at (182): [<ffffffc080037e68>] handle_softirqs+0x1c0/0x3cc [ 4.303437] softirqs last disabled at (177): [<ffffffc080010170>] __do_softirq+0x1c/0x28 [ 4.311559] ---[ end trace 0000000000000000 ]--- This commit adds the missing locking.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥5.6  –  <5.10.238
linuxlinux_kernel*≥5.11  –  <5.15.184
linuxlinux_kernel*≥5.16  –  <6.1.140
linuxlinux_kernel*≥6.2  –  <6.6.92
linuxlinux_kernel*≥6.7  –  <6.12.30
linuxlinux_kernel*≥6.13  –  <6.14.8
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
debiandebian_linux11.0any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0ea0433f822ed0549715f7044c9cd1cf132ff7fa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/26e63b2fe30c61bd25981c6084f67a8af79945d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27e71fa08711e09d81e06a54007b362a5426fd22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99df1edf17493cb49a8c01f6bde55c3abb6a2a6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d87f1cddc592387359fde157cc4296556f6403c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df5987e76a4ae4cbd705d81ab4b15ed232250a4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fca280992af8c2fbd511bc43f65abb4a17363f2f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0ea0433f822ed0549715f7044c9cd1cf132ff7fa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/26e63b2fe30c61bd25981c6084f67a8af79945d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27e71fa08711e09d81e06a54007b362a5426fd22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99df1edf17493cb49a8c01f6bde55c3abb6a2a6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d87f1cddc592387359fde157cc4296556f6403c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df5987e76a4ae4cbd705d81ab4b15ed232250a4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fca280992af8c2fbd511bc43f65abb4a17363f2f
    Patch