CVE-2025-38398

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the spi-qpic-snand driver related to the allocation of memory for BAM transactions. The driver initially allocates memory for only one codeword, which is insufficient when the number of required transactions exceeds the allocated array size, leading to out-of-bounds memory access and potential memory corruption. This can result in system panics, including NULL pointer dereferences and spinlock magic errors. The issue occurs when using the mtd nandbiterrs module for testing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.