CVE-2025-38284

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 10/07/2025
Last modified: 19/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: pci: configure manual DAC mode via PCI config API only

To support 36-bit DMA, configure chip proprietary bit via PCI config API
or chip DBI interface. However, the PCI device mmap isn't set yet and
the DBI is also inaccessible via mmap, so only if the bit can be accessible
via PCI config API, chip can support 36-bit DMA. Otherwise, fallback to
32-bit DMA.

With NULL mmap address, kernel throws trace:

    BUG: unable to handle page fault for address: 0000000000001090
    #PF: supervisor write access in kernel mode
    #PF: error_code(0x0002) - not-present page
    PGD 0 P4D 0
    Oops: Oops: 0002 [#1] PREEMPT SMP PTI
    CPU: 1 UID: 0 PID: 71 Comm: irq/26-pciehp Tainted: G OE 6.14.2-061402-generic #202504101348
    Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
    RIP: 0010:rtw89_pci_ops_write16+0x12/0x30 [rtw89_pci]
    RSP: 0018:ffffb0ffc0acf9d8 EFLAGS: 00010206
    RAX: ffffffffc158f9c0 RBX: ffff94865e702020 RCX: 0000000000000000
    RDX: 0000000000000718 RSI: 0000000000001090 RDI: ffff94865e702020
    RBP: ffffb0ffc0acf9d8 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000015
    R13: 0000000000000719 R14: ffffb0ffc0acfa1f R15: ffffffffc1813060
    FS: 0000000000000000(0000) GS:ffff9486f3480000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000001090 CR3: 0000000090440001 CR4: 00000000000626f0
    Call Trace:
    rtw89_pci_read_config_byte+0x6d/0x120 [rtw89_pci]
    rtw89_pci_cfg_dac+0x5b/0xb0 [rtw89_pci]
    rtw89_pci_probe+0xa96/0xbd0 [rtw89_pci]
    ? __pfx___device_attach_driver+0x10/0x10
    ? __pfx___device_attach_driver+0x10/0x10
    local_pci_probe+0x47/0xa0
    pci_call_probe+0x5d/0x190
    pci_device_probe+0xa7/0x160
    really_probe+0xf9/0x370
    ? pm_runtime_barrier+0x55/0xa0
    __driver_probe_device+0x8c/0x140
    driver_probe_device+0x24/0xd0
    __device_attach_driver+0xcd/0x170
    bus_for_each_drv+0x99/0x100
    __device_attach+0xb4/0x1d0
    device_attach+0x10/0x20
    pci_bus_add_device+0x59/0x90
    pci_bus_add_devices+0x31/0x80
    pciehp_configure_device+0xaa/0x170
    pciehp_enable_slot+0xd6/0x240
    pciehp_handle_presence_or_link_change+0xf1/0x180
    pciehp_ist+0x162/0x1c0
    irq_thread_fn+0x24/0x70
    irq_thread+0xef/0x1c0
    ? __pfx_irq_thread_fn+0x10/0x10
    ? __pfx_irq_thread_dtor+0x10/0x10
    ? __pfx_irq_thread+0x10/0x10
    kthread+0xfc/0x230
    ? __pfx_kthread+0x10/0x10
    ret_from_fork+0x47/0x70
    ? __pfx_kthread+0x10/0x10
    ret_from_fork_asm+0x1a/0x30
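A triage check for this oops signature, added here as an example (it is not part of the advisory or of the kernel patch): it parses oops text from a kernel log and flags the pattern in the trace above, a probe-time write in `rtw89_pci_ops_write16` at a small fault address consistent with a register offset from a NULL mmap base. The names `parse_oops` and `matches_cve_2025_38284`, the 0x10000 low-address threshold and the second sample are assumptions of this example.

```python
import re

# Excerpt of the oops quoted in the description above.
PAGE_OOPS = """\
BUG: unable to handle page fault for address: 0000000000001090
RIP: 0010:rtw89_pci_ops_write16+0x12/0x30 [rtw89_pci]
CR2: 0000000000001090 CR3: 0000000090440001 CR4: 00000000000626f0
Call Trace:
rtw89_pci_read_config_byte+0x6d/0x120 [rtw89_pci]
rtw89_pci_cfg_dac+0x5b/0xb0 [rtw89_pci]
rtw89_pci_probe+0xa96/0xbd0 [rtw89_pci]
? __pfx___device_attach_driver+0x10/0x10
local_pci_probe+0x47/0xa0
"""

# Constructed negative sample (hypothetical driver, not from the advisory).
OTHER_OOPS = """\
BUG: unable to handle page fault for address: ffffb0ffc0000000
RIP: 0010:example_drv_write+0x10/0x40 [example_drv]
CR2: ffffb0ffc0000000 CR3: 0000000090440001 CR4: 00000000000626f0
Call Trace:
example_drv_probe+0x20/0x100 [example_drv]
"""

LOW_ADDR_LIMIT = 0x10000  # assumption: "NULL base + register offset" stays below 64 KiB
RIP_RE = re.compile(r"RIP: [0-9a-f]{4}:(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
CR2_RE = re.compile(r"CR2: (?P<addr>[0-9a-f]{16})")
FRAME_RE = re.compile(
    r"^(?:\[[\s\d.]+\]\s*)?(?P<guess>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+", re.M)

def parse_oops(text):
    """Extract faulting symbol, CR2 and reliable call-trace frames from oops text."""
    rip, cr2 = RIP_RE.search(text), CR2_RE.search(text)
    trace = text.partition("Call Trace:")[2]
    # Frames prefixed with "?" are unreliable stack leftovers, so skip them.
    frames = [m["sym"] for m in FRAME_RE.finditer(trace) if not m["guess"]]
    return {"rip": rip["sym"] if rip else None,
            "cr2": int(cr2["addr"], 16) if cr2 else None,
            "frames": frames}

def matches_cve_2025_38284(text):
    """True when the oops shows the probe-time write through a NULL mmap base."""
    o = parse_oops(text)
    return (o["rip"] == "rtw89_pci_ops_write16"
            and o["cr2"] is not None and o["cr2"] < LOW_ADDR_LIMIT
            and {"rtw89_pci_cfg_dac", "rtw89_pci_probe"} <= set(o["frames"]))

if __name__ == "__main__":
    print(matches_cve_2025_38284(PAGE_OOPS), matches_cve_2025_38284(OTHER_OOPS))
```

The frame pattern also accepts lines carrying a `[  12.345678]` timestamp prefix, so saved `dmesg` output can be passed in unchanged.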

Vulnerable products and versions

CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
From: 6.11 (including)
Up to: 6.15.3 (excluding)