CVE-2025-40356

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the SPI subsystem, specifically in the rockchip-sfc driver. The problem stems from the incorrect usage of DMA-API, where virt to phys() was used to obtain the DMA address of the transfer buffer instead of the correct dma map single() function. This resulted in a DMA-API debug warning indicating that the driver was attempting to synchronize DMA memory it had not allocated. The issue was identified through a warning message during kernel operation, specifically related to the rockchip-sfc driver and the synchronization of DMA memory. The dma map single() function is used to map a single buffer for DMA access, while virt to phys() converts a virtual address to a physical address. Using the latter incorrectly can lead to memory management issues and potential security concerns. The rockchip sfc exec mem op() function and related functions like spi mem exec op() and spi nor read data() are involved in the process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.