CVE-2025-39923

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees<br /> <br /> When we don&amp;#39;t have a clock specified in the device tree, we have no way to<br /> ensure the BAM is on. This is often the case for remotely-controlled or<br /> remotely-powered BAM instances. In this case, we need to read num-channels<br /> from the DT to have all the necessary information to complete probing.<br /> <br /> However, at the moment invalid device trees without clock and without<br /> num-channels still continue probing, because the error handling is missing<br /> return statements. The driver will then later try to read the number of<br /> channels from the registers. This is unsafe, because it relies on boot<br /> firmware and lucky timing to succeed. Unfortunately, the lack of proper<br /> error handling here has been abused for several Qualcomm SoCs upstream,<br /> causing early boot crashes in several situations [1, 2].<br /> <br /> Avoid these early crashes by erroring out when any of the required DT<br /> properties are missing. Note that this will break some of the existing DTs<br /> upstream (mainly BAM instances related to the crypto engine). However,<br /> clearly these DTs have never been tested properly, since the error in the<br /> kernel log was just ignored. It&amp;#39;s safer to disable the crypto engine for<br /> these broken DTBs.<br /> <br /> [1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/<br /> [2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/