CVE-2025-39869

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-39869
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39869.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39869
Published
2025-09-23T06:15:46Z
Modified
2025-09-24T18:11:24Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: edma: Fix memory allocation size for queue_priority_map

Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size.

This caused out-of-bounds memory writes when accessing:
  queue_priority_map[i][0] = i;
  queue_priority_map[i][1] = i;

The bug manifested as kernel crashes with "Oops - undefined instruction" on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the memory corruption triggered kernel hardening features on Clang.

Change the allocation to use sizeof(*queue_priority_map) which automatically gets the correct size for the 2D array structure.
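
The size mismatch described above, modelled in userspace C as an added example (not the driver's code or the upstream patch): it compares the bytes requested with sizeof(s8) against sizeof(*queue_priority_map) and runs the fill loop only on the correctly sized buffer. Assumptions: calloc stands in for the kernel allocator, and the row count of 4 and the helper function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
typedef int8_t s8; /* userspace stand-in for the kernel's s8 */

/* Bytes requested before the fix: one s8 per row. */
size_t alloc_size_before(size_t rows) { return rows * sizeof(s8); }

/* Bytes requested after the fix: one s8[2] per row, derived from the pointer's type. */
size_t alloc_size_after(size_t rows)
{
    s8 (*queue_priority_map)[2] = NULL; /* only used inside sizeof, never dereferenced */
    return rows * sizeof(*queue_priority_map);
}

/* Bytes the loop "map[i][0] = i; map[i][1] = i;" writes beyond `allocated`. */
size_t overflow_bytes(size_t rows, size_t allocated)
{
    size_t touched = rows * sizeof(s8[2]);
    return touched > allocated ? touched - allocated : 0;
}

/* Fixed pattern, actually executed: returns the last value stored, or -1 on failure. */
int fill_map_fixed(size_t rows)
{
    s8 (*queue_priority_map)[2];
    int last;
    if (rows == 0 || rows > 127) /* keep every index representable in s8 */
        return -1;
    /* calloc is an assumption for this model, not the driver's allocator */
    queue_priority_map = calloc(rows, sizeof(*queue_priority_map));
    if (!queue_priority_map)
        return -1;
    for (size_t i = 0; i < rows; i++) {
        queue_priority_map[i][0] = (s8)i;
        queue_priority_map[i][1] = (s8)i;
    }
    last = queue_priority_map[rows - 1][1];
    free(queue_priority_map);
    return last;
}

int main(void)
{
    size_t rows = 4; /* constructed row count, not a value from the driver */
    printf("rows=%zu before=%zu after=%zu\n", rows, alloc_size_before(rows), alloc_size_after(rows));
    return fill_map_fixed(rows) == (int)rows - 1 ? 0 : 1;
}
```

Because sizeof(*queue_priority_map) follows the declared type, the requested size stays correct if the inner array dimension ever changes.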
