CVE-2025-39739 in Linuxinfo

Summary

by MITRE • 09/11/2025

In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu-qcom: Add SM6115 MDSS compatible

Add the SM6115 MDSS compatible to clients compatible list, as it also needs that workaround. Without this workaround, for example, QRB4210 RB2 which is based on SM4250/SM6115 generates a lot of smmu unhandled context faults during boot:

arm_smmu_context_fault: 116854 callbacks suppressed arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420
arm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1]
arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420

and also failed initialisation of lontium lt9611uxc, gpu and dpu is observed: (binding MDSS components triggered by lt9611uxc have failed)

------------[ cut here ]------------
!aspace WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm]
Modules linked in: ... (long list of modules) CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : msm_gem_vma_init+0x150/0x18c [msm]
lr : msm_gem_vma_init+0x150/0x18c [msm]
sp : ffff80008144b280 ... Call trace: msm_gem_vma_init+0x150/0x18c [msm] (P)
get_vma_locked+0xc0/0x194 [msm]
msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm]
msm_gem_kernel_new+0x48/0x160 [msm]
msm_gpu_init+0x34c/0x53c [msm]
adreno_gpu_init+0x1b0/0x2d8 [msm]
a6xx_gpu_init+0x1e8/0x9e0 [msm]
adreno_bind+0x2b8/0x348 [msm]
component_bind_all+0x100/0x230 msm_drm_bind+0x13c/0x3d0 [msm]
try_to_bring_up_aggregate_device+0x164/0x1d0 __component_add+0xa4/0x174 component_add+0x14/0x20 dsi_dev_attach+0x20/0x34 [msm]
dsi_host_attach+0x58/0x98 [msm]
devm_mipi_dsi_attach+0x34/0x90 lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc]
lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc]
i2c_device_probe+0x148/0x2a8 really_probe+0xbc/0x2c0 __driver_probe_device+0x78/0x120 driver_probe_device+0x3c/0x154 __driver_attach+0x90/0x1a0 bus_for_each_dev+0x68/0xb8 driver_attach+0x24/0x30 bus_add_driver+0xe4/0x208 driver_register+0x68/0x124 i2c_register_driver+0x48/0xcc lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc]
do_one_initcall+0x60/0x1d4 do_init_module+0x54/0x1fc load_module+0x1748/0x1c8c init_module_from_file+0x74/0xa0 __arm64_sys_finit_module+0x130/0x2f8 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x2c/0x80 el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]---
msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22
msm_dpu 5e01000.display-controller: failed to load adreno gpu platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19 msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22
msm_dpu 5e01000.display-controller: adev bind failed: -22 lt9611uxc 0-002b: failed to attach dsi to host lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 11/26/2025

The vulnerability described in CVE-2025-39739 relates to a missing device compatibility entry in the Qualcomm ARM SMMU driver within the Linux kernel, specifically affecting systems based on the SM6115 SoC such as the QRB4210 RB2 development board. This issue manifests as persistent unhandled context faults during system boot and leads to failures in initializing critical subsystems including the DPU, GPU, and display components. The root cause lies in the absence of the SM6115 MDSS compatible entry in the list of devices requiring a specific workaround, which is necessary to prevent incorrect memory translation faults in the SMMU unit.

The technical flaw stems from an incomplete device tree compatibility matching within the iommu/arm-smmu-qcom driver implementation. When the system attempts to map memory for graphics and display functions, the SMMU unit encounters translation faults due to a mismatch between expected and actual memory access patterns. These faults are characterized by FSR (Fault Status Register) values indicating translation failures with format 2 and table fault types, alongside specific SID (Substream ID) values that point to the faulty memory access paths. The repeated occurrence of these faults suppresses callback logging and indicates a systemic failure in memory management rather than isolated errors.

The operational impact of this vulnerability is severe, as it prevents proper initialization of the display subsystem and GPU components, effectively rendering the device unusable for graphical workloads. The failure occurs early in the boot process, making it a critical issue for embedded systems and development platforms. The error messages reference the msm_gem_vma_init function and show that memory allocation for GPU operations fails with error code -22, which corresponds to EINVAL or invalid argument errors. This cascading failure affects component binding, driver initialization, and ultimately prevents the system from achieving full operational capability.

The resolution involves adding the SM6115 MDSS compatible string to the list of devices requiring the workaround, which ensures that the SMMU driver applies the necessary memory mapping corrections for this specific SoC variant. This fix aligns with common practices in embedded Linux systems where device-specific quirks must be addressed to maintain compatibility across different hardware revisions. The vulnerability demonstrates the importance of thorough device compatibility testing and the need for precise hardware-specific workarounds in ARM SMMU implementations, which are crucial for preventing memory management failures in mobile and embedded systems.

This vulnerability maps to CWE-122, which deals with insufficient synchronization, and aligns with ATT&CK technique T1059.003 for system compromise through driver manipulation. The issue highlights the critical nature of IOMMU drivers in system security and stability, as improper memory protection can lead to privilege escalation and system instability. The fix exemplifies the importance of maintaining comprehensive device compatibility lists in kernel drivers to prevent hardware-specific memory translation issues that can compromise entire system functionality.

Responsible

Linux

Reservation

04/16/2025

Disclosure

09/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00145

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!