CVE-2025-38042

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0-rc7

Description A vulnerability has been resolved in the Linux kernel related to the dmaengine, specifically the k3-udma-glue. The issue arises from the k3 udma glue reset rx chn() function, which previously relied on the skip fdq argument to determine whether to clear the FDQ for every flow or just for flow 0. This has been fixed by inferring the DMA architecture during k3 udma glue request rx chn() and saving it in an internal flag single fdq. The vulnerability was observed on the ti am65 cpsw nuss driver on AM62-SK, causing a warning when the k3 cppi desc pool destroy() function was called.

Recommendations For Linux kernel version prior to 6.13.0-rc7, update to version 6.13.0-rc7 or later to resolve the issue. As a temporary workaround, consider disabling the k3 udma glue reset rx chn() function until a patch is available. Restrict access to the vulnerable module k3 cppi desc pool to minimize the risk of exploitation. Avoid using the k3 cppi desc pool destroy() function in the affected API endpoint until the issue is resolved.