Linux Kernel up to 6.17.5 spi kernel/dma/debug.c dma_map_single allocation of resources

Summaryinfo

A vulnerability was found in Linux Kernel up to 6.17.5. It has been declared as critical. Affected by this vulnerability is the function dma_map_single of the file kernel/dma/debug.c of the component spi. Such manipulation leads to allocation of resources. This vulnerability is documented as CVE-2025-40356. There is not any exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.17.5 and classified as critical. Affected by this issue is the function dma_map_single of the file kernel/dma/debug.c of the component spi. The manipulation with an unknown input leads to a allocation of resources vulnerability. Using CWE to declare the problem leads to CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. The impact remains unknown. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix DMA-API usage Use DMA-API dma_map_single() call for getting the DMA address of the transfer buffer instead of hacking with virt_to_phys(). This fixes the following DMA-API debug warning: ------------[ cut here ]------------ DMA-API: rockchip-sfc fe300000.spi: device driver tries to sync DMA memory it has not allocated [device address=0x000000000cf70000] [size=288 bytes] WARNING: kernel/dma/debug.c:1106 at check_sync+0x1d8/0x690, CPU#2: systemd-udevd/151 Modules linked in: ... Hardware name: Hardkernel ODROID-M1 (DT) pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : check_sync+0x1d8/0x690 lr : check_sync+0x1d8/0x690 .. Call trace: check_sync+0x1d8/0x690 (P) debug_dma_sync_single_for_cpu+0x84/0x8c __dma_sync_single_for_cpu+0x88/0x234 rockchip_sfc_exec_mem_op+0x4a0/0x798 [spi_rockchip_sfc] spi_mem_exec_op+0x408/0x498 spi_nor_read_data+0x170/0x184 spi_nor_read_sfdp+0x74/0xe4 spi_nor_parse_sfdp+0x120/0x11f0 spi_nor_sfdp_init_params_deprecated+0x3c/0x8c spi_nor_scan+0x690/0xf88 spi_nor_probe+0xe4/0x304 spi_mem_probe+0x6c/0xa8 spi_probe+0x94/0xd4 really_probe+0xbc/0x298 ...

The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2025-40356 since 04/16/2025. The exploitation is known to be difficult. There are known technical details, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 279007 (Linux Distros Unpatched Vulnerability : CVE-2025-40356), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.17.6 eliminates this vulnerability. Applying the patch 22810d4cb0e8a7d51b24527e73beac60afc1c693/ee795e82e10197c070efd380dc9615c73dffad6c is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (279007) and CERT Bund (WID-SEC-2025-2868). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• SUSE openSUSE
• RESF Rocky Linux
• Open Source Linux Kernel

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.17.0
• 6.17.1
• 6.17.2
• 6.17.3
• 6.17.4
• 6.17.5

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion