CVE-2025-39869: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read | 27 documents | 8 sources

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 94.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 23 | Latest update Apr 13

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: edma: Fix memory allocation size for queue_priority_map

Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size.

This caused out-of-bounds memory writes when accessing:

queue_priority_map[i][0] = i; q

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (3 packages)

NVD | linux/linux_kernel | 4.4 | 5.4.300 | +7
Debian | linux/linux_kernel | < 5.10.247-1 | +3
CVEListV5 | linux/linux | 2b6b3b7420190888793c49e97276e1e73bd7eaed | 7d4de60d6db02d9b01d5890d5156b04fad65d07a | +8

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (3)

OSV | CVE-2025-39869: In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a criti | 2025-09-23
GHSA | GHSA-mwhg-gwrr-ff82: In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a cri | 2025-09-23
CVEList | dmaengine: ti: edma: Fix memory allocation size for queue_priority_map | 2025-09-23

📋 Vendor Advisories (23)

Ubuntu | Linux kernel (Azure) vulnerabilities | 2026-04-13
Ubuntu | Linux kernel (Azure FIPS) vulnerabilities | 2026-04-09
Ubuntu | Linux kernel (Azure FIPS) vulnerabilities | 2026-04-09
Ubuntu | Linux kernel (Raspberry Pi) vulnerabilities | 2026-04-01
Ubuntu | Linux kernel (Raspberry Pi) vulnerabilities | 2026-04-01