CVE-2025-38042

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38042
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38042.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38042
Downstream
Published
2025-06-18T09:33:27Z
Modified
2025-10-16T01:23:19.478771Z
Summary
dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: k3-udma-glue: Drop skipfdq argument from k3udmaglueresetrxchn

The user of k3udmaglueresetrxchn() e.g. tiam65cpswnuss can run on multiple platforms having different DMA architectures. On some platforms there can be one FDQ for all flows in the RX channel while for others there is a separate FDQ for each flow in the RX channel.

So far we have been relying on the skipfdq argument of k3udmaglueresetrxchn().

Instead of relying on the user to provide this information, infer it based on DMA architecture during k3udmagluerequestrxchn() and save it in an internal flag 'singlefdq'. Use that flag at k3udmaglueresetrx_chn() to deicide if the FDQ needs to be cleared for every flow or just for flow 0.

Fixes the below issue on tiam65cpsw_nuss driver on AM62-SK.

ip link set eth1 down ip link set eth0 down ethtool -L eth0 rx 8 ip link set eth0 up modprobe -r tiam65cpsw_nuss

[ 103.045726] ------------[ cut here ]------------ [ 103.050505] k3knavdescpool size 512000 != avail 64000 [ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] [ 103.068810] Modules linked in: tiam65cpswnuss(-) k3cppidescpool sndsochdmicodec crct10difce sndsocsimplecard sndsocsimplecardutils displayconnector rtctik3 k3j72xxbandgap tidss drmclientlib sndsocdavincimcas p drmdmahelper tps6598x phylink sndsoctiudma rtiwdt drmdisplayhelper sndsoctlv320aic3xi2c typec at24 phygmiisel sndsoctiedma sndsoctlv320aic3x sii902x sndsoctisdma sa2ul omapmailbox drmkmshelper authenc cfg80211 r fkill fuse drm drmpanelorientationquirks backlight iptables xtables ipv6 [last unloaded: k3cppidescpool] [ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011 [ 103.119968] Hardware name: Texas Instruments AM625 SK (DT) [ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 103.119983] pc : k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] [ 103.148007] lr : k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] [ 103.154709] sp : ffff8000826ebbc0 [ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000 [ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0 [ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88 [ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000 [ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde [ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000 [ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20 [ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100 [ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000 [ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000 [ 103.229274] Call trace: [ 103.231714] k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] (P) [ 103.238408] am65cpswnussfreerxchns+0x28/0x4c [tiam65cpswnuss] [ 103.244942] devmactionrelease+0x14/0x20 [ 103.249040] releasenodes+0x3c/0x68 [ 103.252610] devresreleaseall+0x8c/0xdc [ 103.256614] deviceunbindcleanup+0x18/0x60 [ 103.260876] devicereleasedriverinternal+0xf8/0x178 [ 103.266004] driverdetach+0x50/0x9c [ 103.269571] busremovedriver+0x6c/0xbc [ 103.273485] driverunregister+0x30/0x60 [ 103.277401] platformdriverunregister+0x14/0x20 [ 103.282096] am65cpswnussdriverexit+0x18/0xff4 [tiam65cpswnuss] [ 103.288620] _arm64sysdeletemodule+0x17c/0x25c [ 103.293404] invokesyscall+0x44/0x100 [ 103.297149] el0svccommon.constprop.0+0xc0/0xe0 [ 103.301845] doel0svc+0x1c/0x28 [ 103.305155] el0_svc+0x28/0x98 ---truncated---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d702419134133db1eab2067dc6ea5723467fd917
Fixed
d0dd9d133ef8fdc894e0be9aa27dc49ef5f813cb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d702419134133db1eab2067dc6ea5723467fd917
Fixed
0da30874729baeb01889b0eca16cfda122687503

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.5
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.14.6
v6.14.7
v6.14.8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
6.14.9