CVE-2025-38439
Description
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT When transmitting an XDP_REDIRECT packet, call dma_unmap_len_set() with the proper length instead of 0. This bug triggers this warning on a system with IOMMU enabled: WARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170 RIP: 0010:__iommu_dma_unmap+0x159/0x170 Code: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45 b8 4c 89 45 c0 e9 77 ff ff ff <0f> 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00 RSP: 0018:ff22d31181150c88 EFLAGS: 00010206 RAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000 R10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000 R13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00 FS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0 PKRU: 55555554 Call Trace: <IRQ> ? show_regs+0x6d/0x80 ? __warn+0x89/0x160 ? __iommu_dma_unmap+0x159/0x170 ? report_bug+0x17e/0x1b0 ? handle_bug+0x46/0x90 ? exc_invalid_op+0x18/0x80 ? asm_exc_invalid_op+0x1b/0x20 ? __iommu_dma_unmap+0x159/0x170 ? __iommu_dma_unmap+0xb3/0x170 iommu_dma_unmap_page+0x4f/0x100 dma_unmap_page_attrs+0x52/0x220 ? srso_alias_return_thunk+0x5/0xfbef5 ? xdp_return_frame+0x2e/0xd0 bnxt_tx_int_xdp+0xdf/0x440 [bnxt_en] __bnxt_poll_work_done+0x81/0x1e0 [bnxt_en] bnxt_poll+0xd3/0x1e0 [bnxt_en]
CVSS Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Threat Intelligence
Affected Products 13
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥5.3 – <5.4.296 |
| linux | linux_kernel | * | ≥5.5 – <5.10.240 |
| linux | linux_kernel | * | ≥5.11 – <5.15.189 |
| linux | linux_kernel | * | ≥5.16 – <6.1.146 |
| linux | linux_kernel | * | ≥6.2 – <6.6.99 |
| linux | linux_kernel | * | ≥6.7 – <6.12.39 |
| linux | linux_kernel | * | ≥6.13 – <6.15.7 |
| linux | linux_kernel | 6.16 | any |
| linux | linux_kernel | 6.16 | any |
| linux | linux_kernel | 6.16 | any |
| linux | linux_kernel | 6.16 | any |
| linux | linux_kernel | 6.16 | any |
| debian | debian_linux | 11.0 | any |
References 10
- git.kernel.org https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee
- git.kernel.org https://git.kernel.org/stable/c/3cdf199d4755d477972ee87110b2aebc88b3cfad
- git.kernel.org https://git.kernel.org/stable/c/50dad9909715094e7d9ca25e9e0412b875987519
- git.kernel.org https://git.kernel.org/stable/c/5909679a82cd74cf0343d9e3ddf4b6931aa7e613
- git.kernel.org https://git.kernel.org/stable/c/8d672a1a6bfc81fef9151925c9c0481f4acf4bec
- git.kernel.org https://git.kernel.org/stable/c/e260f4d49370c85a4701d43c6d16b8c39f8b605f
- git.kernel.org https://git.kernel.org/stable/c/f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a
- git.kernel.org https://git.kernel.org/stable/c/f9eaf6d036075dc820520e1194692c0619b7297b
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Remediation
- git.kernel.org https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee
- git.kernel.org https://git.kernel.org/stable/c/3cdf199d4755d477972ee87110b2aebc88b3cfad
- git.kernel.org https://git.kernel.org/stable/c/50dad9909715094e7d9ca25e9e0412b875987519
- git.kernel.org https://git.kernel.org/stable/c/5909679a82cd74cf0343d9e3ddf4b6931aa7e613
- git.kernel.org https://git.kernel.org/stable/c/8d672a1a6bfc81fef9151925c9c0481f4acf4bec
- git.kernel.org https://git.kernel.org/stable/c/e260f4d49370c85a4701d43c6d16b8c39f8b605f
- git.kernel.org https://git.kernel.org/stable/c/f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a
- git.kernel.org https://git.kernel.org/stable/c/f9eaf6d036075dc820520e1194692c0619b7297b