CVE-2025-37840
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37840
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37840.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-37840
- Downstream
- Related
- Published
- 2025-05-09T06:41:50Z
- Modified
- 2025-10-22T13:50:18.995825Z
- Summary
- mtd: rawnand: brcmnand: fix PM resume warning
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: brcmnand: fix PM resume warning
Fixed warning on PM resume as shown below caused due to uninitialized struct nandoperation that checks chip select field : WARNON(op->cs >= nanddev_ntargets(&chip->base)
[ 14.588522] ------------[ cut here ]------------ [ 14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nandresetop+0x1e0/0x1f8 [ 14.588553] Modules linked in: bdc udccore [ 14.588579] CPU: 0 UID: 0 PID: 1392 Comm: rtcwake Tainted: G W 6.14.0-rc4-g5394eea10651 #16 [ 14.588590] Tainted: [W]=WARN [ 14.588593] Hardware name: Broadcom STB (Flattened Device Tree) [ 14.588598] Call trace: [ 14.588604] dumpbacktrace from showstack+0x18/0x1c [ 14.588622] r7:00000009 r6:0000008b r5:60000153 r4:c0fa558c [ 14.588625] showstack from dumpstacklvl+0x70/0x7c [ 14.588639] dumpstacklvl from dumpstack+0x18/0x1c [ 14.588653] r5:c08d40b0 r4:c1003cb0 [ 14.588656] dumpstack from _warn+0x84/0xe4 [ 14.588668] _warn from warnslowpathfmt+0x18c/0x194 [ 14.588678] r7:c08d40b0 r6:c1003cb0 r5:00000000 r4:00000000 [ 14.588681] warnslowpathfmt from nandresetop+0x1e0/0x1f8 [ 14.588695] r8:70c40dff r7:89705f41 r6:36b4a597 r5:c26c9444 r4:c26b0048 [ 14.588697] nandresetop from brcmnandresume+0x13c/0x150 [ 14.588714] r9:00000000 r8:00000000 r7:c24f8010 r6:c228a3f8 r5:c26c94bc r4:c26b0040 [ 14.588717] brcmnandresume from platformpmresume+0x34/0x54 [ 14.588735] r5:00000010 r4:c0840a50 [ 14.588738] platformpmresume from dpmruncallback+0x5c/0x14c [ 14.588757] dpmruncallback from deviceresume+0xc0/0x324 [ 14.588776] r9:c24f8054 r8:c24f80a0 r7:00000000 r6:00000000 r5:00000010 r4:c24f8010 [ 14.588779] deviceresume from dpmresume+0x130/0x160 [ 14.588799] r9:c22539e4 r8:00000010 r7:c22bebb0 r6:c24f8010 r5:c22539dc r4:c22539b0 [ 14.588802] dpmresume from dpmresumeend+0x14/0x20 [ 14.588822] r10:c2204e40 r9:00000000 r8:c228a3fc r7:00000000 r6:00000003 r5:c228a414 [ 14.588826] r4:00000010 [ 14.588828] dpmresumeend from suspenddevicesandenter+0x274/0x6f8 [ 14.588848] r5:c228a414 r4:00000000 [ 14.588851] suspenddevicesandenter from pmsuspend+0x228/0x2bc [ 14.588868] r10:c3502910 r9:c3501f40 r8:00000004 r7:c228a438 r6:c0f95e18 r5:00000000 [ 14.588871] r4:00000003 [ 14.588874] pmsuspend from statestore+0x74/0xd0 [ 14.588889] r7:c228a438 r6:c0f934c8 r5:00000003 r4:00000003 [ 14.588892] statestore from kobjattrstore+0x1c/0x28 [ 14.588913] r9:00000000 r8:00000000 r7:f09f9f08 r6:00000004 r5:c3502900 r4:c0283250 [ 14.588916] kobjattrstore from sysfskfwrite+0x40/0x4c [ 14.588936] r5:c3502900 r4:c0d92a48 [ 14.588939] sysfskfwrite from kernfsfopwriteiter+0x104/0x1f0 [ 14.588956] r5:c3502900 r4:c3501f40 [ 14.588960] kernfsfopwriteiter from vfswrite+0x250/0x420 [ 14.588980] r10:c0e14b48 r9:00000000 r8:c25f5780 r7:00443398 r6:f09f9f68 r5:c34f7f00 [ 14.588983] r4:c042a88c [ 14.588987] vfswrite from ksyswrite+0x74/0xe4 [ 14.589005] r10:00000004 r9:c25f5780 r8:c02002fA0 r7:00000000 r6:00000000 r5:c34f7f00 [ 14.589008] r4:c34f7f00 [ 14.589011] ksyswrite from syswrite+0x10/0x14 [ 14.589029] r7:00000004 r6:004421c0 r5:00443398 r4:00000004 [ 14.589032] syswrite from retfastsyscall+0x0/0x5c [ 14.589044] Exception stack(0xf09f9fa8 to 0xf09f9ff0) [ 14.589050] 9fa0: 00000004 00443398 00000004 00443398 00000004 00000001 [ 14.589056] 9fc0: 00000004 00443398 004421c0 00000004 b6ecbd58 00000008 bebfbc38 0043eb78 [ 14.589062] 9fe0: 00440eb0 bebfbaf8 b6de18a0 b6e579e8 [ 14.589065] ---[ end trace 0000000000000000 ]---
The fix uses the higher level nandreset(chip, chipnr); where chipnr = 0, when doing PM resume operation in compliance with the controller support for single die nand chip. Switching from nandreset_op() to nan ---truncated---
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/659b1f29f3e2fd5d751fdf35c5526d1f1c9b3dd2
- https://git.kernel.org/stable/c/6f567c6a5250e3531cfd9c7ff254ecc2650464fa
- https://git.kernel.org/stable/c/7266066b9469f04ed1d4c0fdddaea1425835eb55
- https://git.kernel.org/stable/c/8775581e1c48e1bdd04a893d6f6bbe5128ad0ea7
- https://git.kernel.org/stable/c/9bd51723ab51580e077c91d494c37e80703b8524
- https://git.kernel.org/stable/c/9dd161f707ecb7db38e5f529e979a5b6eb565b2d
- https://git.kernel.org/stable/c/c2eb3cffb0d972c5503e4d48921971c81def0fe5
- https://git.kernel.org/stable/c/ddc210cf8b8a8be68051ad958bf3e2cef6b681c2
- https://git.kernel.org/stable/c/fbcb584efa5cd912ff8a151d67b8fe22f4162a85
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixed6f567c6a5250e3531cfd9c7ff254ecc2650464fa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixed8775581e1c48e1bdd04a893d6f6bbe5128ad0ea7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixedfbcb584efa5cd912ff8a151d67b8fe22f4162a85
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixed9dd161f707ecb7db38e5f529e979a5b6eb565b2d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixed9bd51723ab51580e077c91d494c37e80703b8524
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixed7266066b9469f04ed1d4c0fdddaea1425835eb55
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixedc2eb3cffb0d972c5503e4d48921971c81def0fe5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixed659b1f29f3e2fd5d751fdf35c5526d1f1c9b3dd2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97d90da8a886949f09bb4754843fb0b504956ad2Fixedddc210cf8b8a8be68051ad958bf3e2cef6b681c2
Affected versions
v4.*
v5.*
v6.*
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.16.0Fixed5.4.293
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.237
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.181
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.135
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.88
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.24
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.13.12
- Type
- ECOSYSTEM
- Events
-
Introduced6.14.0Fixed6.14.3