CVE-2025-38439
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 25/07/2025
Last modified: 22/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT

When transmitting an XDP_REDIRECT packet, call dma_unmap_len_set()
with the proper length instead of 0. This bug triggers this warning
on a system with IOMMU enabled:

WARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170
RIP: 0010:__iommu_dma_unmap+0x159/0x170
Code: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45
b8 4c 89 45 c0 e9 77 ff ff ff 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00
RSP: 0018:ff22d31181150c88 EFLAGS: 00010206
RAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000
R10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000
R13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00
FS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0
PKRU: 55555554
Call Trace:

? show_regs+0x6d/0x80
? __warn+0x89/0x160
? __iommu_dma_unmap+0x159/0x170
? report_bug+0x17e/0x1b0
? handle_bug+0x46/0x90
? exc_invalid_op+0x18/0x80
? asm_exc_invalid_op+0x1b/0x20
? __iommu_dma_unmap+0x159/0x170
? __iommu_dma_unmap+0xb3/0x170
iommu_dma_unmap_page+0x4f/0x100
dma_unmap_page_attrs+0x52/0x220
? srso_alias_return_thunk+0x5/0xfbef5
? xdp_return_frame+0x2e/0xd0
bnxt_tx_int_xdp+0xdf/0x440 [bnxt_en]
__bnxt_poll_work_done+0x81/0x1e0 [bnxt_en]
bnxt_poll+0xd3/0x1e0 [bnxt_en]
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.3 (including) | 5.4.296 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.240 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.189 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.146 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.99 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.39 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee
- https://git.kernel.org/stable/c/3cdf199d4755d477972ee87110b2aebc88b3cfad
- https://git.kernel.org/stable/c/50dad9909715094e7d9ca25e9e0412b875987519
- https://git.kernel.org/stable/c/5909679a82cd74cf0343d9e3ddf4b6931aa7e613
- https://git.kernel.org/stable/c/8d672a1a6bfc81fef9151925c9c0481f4acf4bec
- https://git.kernel.org/stable/c/e260f4d49370c85a4701d43c6d16b8c39f8b605f
- https://git.kernel.org/stable/c/f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a
- https://git.kernel.org/stable/c/f9eaf6d036075dc820520e1194692c0619b7297b
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html



