CVE-2025-38300

MEDIUM EPSS 4.3%
Published Jul 10, 202511mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 10, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare(): 1] If dma_map_sg() fails for areq->dst, the device driver would try to free DMA memory it has not allocated in the first place. To fix this, on the "theend_sgs" error path, call dma unmap only if the corresponding dma map was successful. 2] If the dma_map_single() call for the IV fails, the device driver would try to free an invalid DMA memory address on the "theend_iv" path: ------------[ cut here ]------------ DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90 Modules linked in: skcipher_example(O+) CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT Tainted: [O]=OOT_MODULE Hardware name: OrangePi Zero2 (DT) pc : check_unmap+0x123c/0x1b90 lr : check_unmap+0x123c/0x1b90 ... Call trace: check_unmap+0x123c/0x1b90 (P) debug_dma_unmap_page+0xac/0xc0 dma_unmap_page_attrs+0x1f4/0x5fc sun8i_ce_cipher_do_one+0x1bd4/0x1f40 crypto_pump_work+0x334/0x6e0 kthread_worker_fn+0x21c/0x438 kthread+0x374/0x664 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- To fix this, check for !dma_mapping_error() before calling dma_unmap_single() on the "theend_iv" path.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.5  –  <6.1.142
linuxlinux_kernel*≥6.2  –  <6.6.94
linuxlinux_kernel*≥6.7  –  <6.12.34
linuxlinux_kernel*≥6.13  –  <6.15.3
debiandebian_linux11.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/19d267d9fad00d94ad8477899e38ed7c11f33fb6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4051250e5db489f8ad65fc337e2677b9b568ac72
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0ac3f85b2e3ef529e852f252a70311f9029d5e6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c62b79c1c51303dbcb6edfa4de0ee176f4934c52
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f31adc3e356f7350d4a4d68c98d3f60f2f6e26b3
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19d267d9fad00d94ad8477899e38ed7c11f33fb6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4051250e5db489f8ad65fc337e2677b9b568ac72
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0ac3f85b2e3ef529e852f252a70311f9029d5e6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c62b79c1c51303dbcb6edfa4de0ee176f4934c52
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f31adc3e356f7350d4a4d68c98d3f60f2f6e26b3
    Patch