CVE-2025-39869
published 2025-09-23CVE-2025-39869: In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
Fix a critical memory allocation bug in edma_setup_from_hw() where
queue_priority_map was allocated with insufficient memory. The code
declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),
but allocated memory using sizeof(s8) instead of the correct size.
This caused out-of-bounds memory writes when accessing:
queue_priority_map[i][0] = i;
queue_priority_map[i][1] = i;
The bug manifested as kernel crashes with "Oops - undefined instruction"
on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the
memory corruption triggered kernel hardening features on Clang.
Change the allocation to use sizeof(*queue_priority_map) which
automatically gets the correct size for the 2D array structure.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < 7d4de60d6db02d9b01d5890d5156b04fad65d07a | 7d4de60d6db02d9b01d5890d5156b04fad65d07a |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < d722de80ce037dccf6931e778f4a46499d51bdf9 | d722de80ce037dccf6931e778f4a46499d51bdf9 |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < 301a96cc4dc006c9a285913d301e681cfbf7edb6 | 301a96cc4dc006c9a285913d301e681cfbf7edb6 |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < 5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93 | 5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93 |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < 1baed10553fc8b388351d8fc803e3ae6f1a863bc | 1baed10553fc8b388351d8fc803e3ae6f1a863bc |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < 069fd1688c57c0cc8a3de64d108579b31676f74b | 069fd1688c57c0cc8a3de64d108579b31676f74b |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < d5e82f3f2c918d446df46e8d65f8083fd97cdec5 | d5e82f3f2c918d446df46e8d65f8083fd97cdec5 |
| linux | linux | >= 2b6b3b7420190888793c49e97276e1e73bd7eaed < e63419dbf2ceb083c1651852209c7f048089ac0f | e63419dbf2ceb083c1651852209c7f048089ac0f |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.247-1 | 5.10.247-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.48-1 | 6.12.48-1 |
| linux | linux_kernel | >= 0 < 6.16.8-1 | 6.16.8-1 |
| linux | linux_kernel | >= 0 < 5.15.0-170.180 | 5.15.0-170.180 |
| linux | linux_kernel | >= 0 < 6.8.0-106.106 | 6.8.0-106.106 |
| linux | linux_kernel | >= 4.4 < 5.4.300 | 5.4.300 |
| linux | linux_kernel | >= 5.11 < 5.15.194 | 5.15.194 |
| linux | linux_kernel | >= 5.16 < 6.1.153 | 6.1.153 |
| linux | linux_kernel | >= 5.5 < 5.10.245 | 5.10.245 |
| linux | linux_kernel | >= 6.13 < 6.16.8 | 6.16.8 |
| linux | linux_kernel | >= 6.2 < 6.6.107 | 6.6.107 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.8HIGH