lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025100109-CVE-2025-39907-73b1@gregkh>
Date: Wed,  1 Oct 2025 09:47:12 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-39907: mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer

Avoid below overlapping mappings by using a contiguous
non-cacheable buffer.

[    4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST,
overlapping mappings aren't supported
[    4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300
[    4.097071] Modules linked in:
[    4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1
[    4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT)
[    4.118824] Workqueue: events_unbound deferred_probe_work_func
[    4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[    4.131624] pc : add_dma_entry+0x23c/0x300
[    4.135658] lr : add_dma_entry+0x23c/0x300
[    4.139792] sp : ffff800009dbb490
[    4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000
[    4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8
[    4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20
[    4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006
[    4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e
[    4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec
[    4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58
[    4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000
[    4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000
[    4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40
[    4.214185] Call trace:
[    4.216605]  add_dma_entry+0x23c/0x300
[    4.220338]  debug_dma_map_sg+0x198/0x350
[    4.224373]  __dma_map_sg_attrs+0xa0/0x110
[    4.228411]  dma_map_sg_attrs+0x10/0x2c
[    4.232247]  stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc
[    4.237088]  stm32_fmc2_nfc_seq_read_page+0xc8/0x174
[    4.242127]  nand_read_oob+0x1d4/0x8e0
[    4.245861]  mtd_read_oob_std+0x58/0x84
[    4.249596]  mtd_read_oob+0x90/0x150
[    4.253231]  mtd_read+0x68/0xac

The Linux kernel CVE team has assigned CVE-2025-39907 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.1 with commit 2cd457f328c100bc98e36d55fe210e9ab067c704 and fixed in 6.1.153 with commit 75686c49574dd5f171ca682c18717787f1d8d55e
	Issue introduced in 5.1 with commit 2cd457f328c100bc98e36d55fe210e9ab067c704 and fixed in 6.6.107 with commit 06d8ef8f853752fea88c8d5bb093a40e71b330cf
	Issue introduced in 5.1 with commit 2cd457f328c100bc98e36d55fe210e9ab067c704 and fixed in 6.12.48 with commit 26adba1e7d7924174e15a3ba4b1132990786300b
	Issue introduced in 5.1 with commit 2cd457f328c100bc98e36d55fe210e9ab067c704 and fixed in 6.16.8 with commit f6fd98d961fa6f97347cead4f08ed862cbbb91ff
	Issue introduced in 5.1 with commit 2cd457f328c100bc98e36d55fe210e9ab067c704 and fixed in 6.17 with commit 513c40e59d5a414ab763a9c84797534b5e8c208d

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-39907
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/mtd/nand/raw/stm32_fmc2_nand.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/75686c49574dd5f171ca682c18717787f1d8d55e
	https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb093a40e71b330cf
	https://git.kernel.org/stable/c/26adba1e7d7924174e15a3ba4b1132990786300b
	https://git.kernel.org/stable/c/f6fd98d961fa6f97347cead4f08ed862cbbb91ff
	https://git.kernel.org/stable/c/513c40e59d5a414ab763a9c84797534b5e8c208d

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ