CVE-2025-71195

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: xilinx: xdma: Fix regmap max_register<br /> <br /> The max_register field is assigned the size of the register memory<br /> region instead of the offset of the last register.<br /> The result is that reading from the regmap via debugfs can cause<br /> a segmentation fault:<br /> <br /> tail /sys/kernel/debug/regmap/xdma.1.auto/registers<br /> Unable to handle kernel paging request at virtual address ffff800082f70000<br /> Mem abort info:<br /> ESR = 0x0000000096000007<br /> EC = 0x25: DABT (current EL), IL = 32 bits<br /> SET = 0, FnV = 0<br /> EA = 0, S1PTW = 0<br /> FSC = 0x07: level 3 translation fault<br /> [...]<br /> Call trace:<br /> regmap_mmio_read32le+0x10/0x30<br /> _regmap_bus_reg_read+0x74/0xc0<br /> _regmap_read+0x68/0x198<br /> regmap_read+0x54/0x88<br /> regmap_read_debugfs+0x140/0x380<br /> regmap_map_read_file+0x30/0x48<br /> full_proxy_read+0x68/0xc8<br /> vfs_read+0xcc/0x310<br /> ksys_read+0x7c/0x120<br /> __arm64_sys_read+0x24/0x40<br /> invoke_syscall.constprop.0+0x64/0x108<br /> do_el0_svc+0xb0/0xd8<br /> el0_svc+0x38/0x130<br /> el0t_64_sync_handler+0x120/0x138<br /> el0t_64_sync+0x194/0x198<br /> Code: aa1e03e9 d503201f f9400000 8b214000 (b9400000)<br /> ---[ end trace 0000000000000000 ]---<br /> note: tail[1217] exited with irqs disabled<br /> note: tail[1217] exited with preempt_count 1<br /> Segmentation fault