CVE-2025-71195 in Linuxinfo

Summary

by MITRE • 02/04/2026

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: xilinx: xdma: Fix regmap max_register

The max_register field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap via debugfs can cause a segmentation fault:

tail /sys/kernel/debug/regmap/xdma.1.auto/registers Unable to handle kernel paging request at virtual address ffff800082f70000 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault [...]
Call trace: regmap_mmio_read32le+0x10/0x30 _regmap_bus_reg_read+0x74/0xc0 _regmap_read+0x68/0x198 regmap_read+0x54/0x88 regmap_read_debugfs+0x140/0x380 regmap_map_read_file+0x30/0x48 full_proxy_read+0x68/0xc8 vfs_read+0xcc/0x310 ksys_read+0x7c/0x120 __arm64_sys_read+0x24/0x40 invoke_syscall.constprop.0+0x64/0x108 do_el0_svc+0xb0/0xd8 el0_svc+0x38/0x130 el0t_64_sync_handler+0x120/0x138 el0t_64_sync+0x194/0x198 Code: aa1e03e9 d503201f f9400000 8b214000 (b9400000) ---[ end trace 0000000000000000 ]---
note: tail[1217] exited with irqs disabled
note: tail[1217] exited with preempt_count 1
Segmentation fault

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/30/2026

The vulnerability CVE-2025-71195 affects the Linux kernel's dmaengine subsystem, specifically within the xilinx xdma driver implementation. This issue stems from an incorrect assignment of the max_register field in the regmap configuration, which creates a critical memory access violation when attempting to read register information through debugfs interfaces. The flaw manifests when the system tries to access register memory through the debugfs interface at /sys/kernel/debug/regmap/xdma.1.auto/registers, leading to kernel page faults and system crashes.

The technical root cause lies in the improper initialization of the regmap structure where the max_register field is set to the total size of the register memory region rather than the offset of the last valid register within that region. This misconfiguration causes the regmap subsystem to attempt reading beyond the valid memory boundaries when debugfs operations are performed. The error occurs during the execution of regmap_mmio_read32le function which attempts to access memory at virtual address ffff800082f70000, resulting in a data abort exception with ESR code indicating a translation fault at level 3.

When users attempt to read register information through the debugfs interface, the kernel's memory management system cannot resolve the invalid memory access, leading to segmentation faults and system instability. The call trace demonstrates the execution path from the debugfs read operation through the regmap subsystem to the final memory access failure, with the error occurring in the regmap_map_read_file function that handles debugfs read operations. The interrupt and preemption state information indicates that the fault occurs with interrupts disabled and preemption count set to 1, suggesting a context where the kernel's memory management is particularly sensitive to invalid address accesses.

This vulnerability represents a classic case of improper memory boundary calculation that violates fundamental memory safety principles and can be classified under CWE-129, which addresses improper validation of array indices. The impact extends beyond simple system crashes to potentially enabling privilege escalation or denial of service conditions, particularly in embedded systems that rely heavily on xilinx dma engines for data movement operations. The ATT&CK framework categorizes this under privilege escalation through kernel vulnerabilities, as the flaw allows unauthorized access to kernel memory regions through legitimate debugfs interfaces. The vulnerability affects systems using xilinx dma engines and can be exploited by malicious actors to cause system instability or potentially gain elevated privileges through carefully crafted debugfs access patterns.

The recommended mitigation involves correcting the max_register field assignment in the xdma driver's regmap initialization to properly reflect the offset of the last valid register rather than the total memory region size. This fix ensures that all memory accesses through the debugfs interface remain within valid bounds and prevents the kernel from attempting to access unmapped memory regions. System administrators should apply the patched kernel version immediately, particularly in production environments where xilinx dma engines are actively used. Additionally, monitoring for debugfs access patterns and implementing proper access controls for debug interfaces can help detect and prevent exploitation attempts. The vulnerability highlights the importance of proper memory management in kernel subsystems and the critical need for thorough validation of memory boundary calculations in low-level drivers that interface directly with hardware registers.

Responsible

Linux

Reservation

01/31/2026

Disclosure

02/04/2026

Moderation

accepted

CPE

ready

EPSS

0.00168

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!