CVE-2025-39923

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the dmaengine subsystem, specifically within the Qualcomm BAM DMA driver. Insufficient error handling when required device tree properties (clock and num-channels) are missing can lead to unsafe register reads and early boot crashes. This issue has been exploited on several Qualcomm SoCs, resulting in early boot failures. The driver attempts to probe even with incomplete device tree information, relying on firmware and timing for success, which is unreliable. The fix involves adding error handling to ensure the driver fails gracefully when essential device tree properties are absent. This may break existing, improperly tested device tree configurations, but it is considered safer to disable affected components than to risk boot crashes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.