Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-37840

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/05/2025
Last modified:
14/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mtd: rawnand: brcmnand: fix PM resume warning<br /> <br /> Fixed warning on PM resume as shown below caused due to uninitialized<br /> struct nand_operation that checks chip select field :<br /> WARN_ON(op-&gt;cs &gt;= nanddev_ntargets(&amp;chip-&gt;base)<br /> <br /> [ 14.588522] ------------[ cut here ]------------<br /> [ 14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8<br /> [ 14.588553] Modules linked in: bdc udc_core<br /> [ 14.588579] CPU: 0 UID: 0 PID: 1392 Comm: rtcwake Tainted: G W 6.14.0-rc4-g5394eea10651 #16<br /> [ 14.588590] Tainted: [W]=WARN<br /> [ 14.588593] Hardware name: Broadcom STB (Flattened Device Tree)<br /> [ 14.588598] Call trace:<br /> [ 14.588604] dump_backtrace from show_stack+0x18/0x1c<br /> [ 14.588622] r7:00000009 r6:0000008b r5:60000153 r4:c0fa558c<br /> [ 14.588625] show_stack from dump_stack_lvl+0x70/0x7c<br /> [ 14.588639] dump_stack_lvl from dump_stack+0x18/0x1c<br /> [ 14.588653] r5:c08d40b0 r4:c1003cb0<br /> [ 14.588656] dump_stack from __warn+0x84/0xe4<br /> [ 14.588668] __warn from warn_slowpath_fmt+0x18c/0x194<br /> [ 14.588678] r7:c08d40b0 r6:c1003cb0 r5:00000000 r4:00000000<br /> [ 14.588681] warn_slowpath_fmt from nand_reset_op+0x1e0/0x1f8<br /> [ 14.588695] r8:70c40dff r7:89705f41 r6:36b4a597 r5:c26c9444 r4:c26b0048<br /> [ 14.588697] nand_reset_op from brcmnand_resume+0x13c/0x150<br /> [ 14.588714] r9:00000000 r8:00000000 r7:c24f8010 r6:c228a3f8 r5:c26c94bc r4:c26b0040<br /> [ 14.588717] brcmnand_resume from platform_pm_resume+0x34/0x54<br /> [ 14.588735] r5:00000010 r4:c0840a50<br /> [ 14.588738] platform_pm_resume from dpm_run_callback+0x5c/0x14c<br /> [ 14.588757] dpm_run_callback from device_resume+0xc0/0x324<br /> [ 14.588776] r9:c24f8054 r8:c24f80a0 r7:00000000 r6:00000000 r5:00000010 r4:c24f8010<br /> [ 14.588779] device_resume from dpm_resume+0x130/0x160<br /> [ 14.588799] r9:c22539e4 r8:00000010 r7:c22bebb0 r6:c24f8010 r5:c22539dc r4:c22539b0<br /> [ 14.588802] dpm_resume from dpm_resume_end+0x14/0x20<br /> [ 14.588822] r10:c2204e40 r9:00000000 r8:c228a3fc r7:00000000 r6:00000003 r5:c228a414<br /> [ 14.588826] r4:00000010<br /> [ 14.588828] dpm_resume_end from suspend_devices_and_enter+0x274/0x6f8<br /> [ 14.588848] r5:c228a414 r4:00000000<br /> [ 14.588851] suspend_devices_and_enter from pm_suspend+0x228/0x2bc<br /> [ 14.588868] r10:c3502910 r9:c3501f40 r8:00000004 r7:c228a438 r6:c0f95e18 r5:00000000<br /> [ 14.588871] r4:00000003<br /> [ 14.588874] pm_suspend from state_store+0x74/0xd0<br /> [ 14.588889] r7:c228a438 r6:c0f934c8 r5:00000003 r4:00000003<br /> [ 14.588892] state_store from kobj_attr_store+0x1c/0x28<br /> [ 14.588913] r9:00000000 r8:00000000 r7:f09f9f08 r6:00000004 r5:c3502900 r4:c0283250<br /> [ 14.588916] kobj_attr_store from sysfs_kf_write+0x40/0x4c<br /> [ 14.588936] r5:c3502900 r4:c0d92a48<br /> [ 14.588939] sysfs_kf_write from kernfs_fop_write_iter+0x104/0x1f0<br /> [ 14.588956] r5:c3502900 r4:c3501f40<br /> [ 14.588960] kernfs_fop_write_iter from vfs_write+0x250/0x420<br /> [ 14.588980] r10:c0e14b48 r9:00000000 r8:c25f5780 r7:00443398 r6:f09f9f68 r5:c34f7f00<br /> [ 14.588983] r4:c042a88c<br /> [ 14.588987] vfs_write from ksys_write+0x74/0xe4<br /> [ 14.589005] r10:00000004 r9:c25f5780 r8:c02002fA0 r7:00000000 r6:00000000 r5:c34f7f00<br /> [ 14.589008] r4:c34f7f00<br /> [ 14.589011] ksys_write from sys_write+0x10/0x14<br /> [ 14.589029] r7:00000004 r6:004421c0 r5:00443398 r4:00000004<br /> [ 14.589032] sys_write from ret_fast_syscall+0x0/0x5c<br /> [ 14.589044] Exception stack(0xf09f9fa8 to 0xf09f9ff0)<br /> [ 14.589050] 9fa0: 00000004 00443398 00000004 00443398 00000004 00000001<br /> [ 14.589056] 9fc0: 00000004 00443398 004421c0 00000004 b6ecbd58 00000008 bebfbc38 0043eb78<br /> [ 14.589062] 9fe0: 00440eb0 bebfbaf8 b6de18a0 b6e579e8<br /> [ 14.589065] ---[ end trace 0000000000000000 ]---<br /> <br /> The fix uses the higher level nand_reset(chip, chipnr); where chipnr = 0, when<br /> doing PM resume operation in compliance with the controller support for single<br /> die nand chip. Switching from nand_reset_op() to nan<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.16 (including) 5.4.293 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.237 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.181 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.135 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.88 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.24 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.13.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.14 (including) 6.14.3 (excluding)
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools