CVE-2025-38152

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc7-next-20250317

Description A vulnerability in the Linux kernel has been resolved. The issue occurs when using U-Boot to start a remote processor with a resource table published to a fixed address, then stopping the processor, loading new firmware without a resource table, and restarting the processor. This can trigger a kernel dump due to a NULL pointer dereference. The issue is found on i.MX8MP and i.MX9 devices.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. As a temporary workaround, consider disabling the rproc start function until a patch is available. Restrict access to the vulnerable remoteproc module to minimize the risk of exploitation. Avoid using the rproc shutdown function with firmware that does not have a resource table until the issue is resolved.