CVE-2025-39869
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39869
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39869.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-39869
- Downstream
- Published
- 2025-09-23T06:15:46Z
- Modified
- 2025-09-24T18:11:24Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: edma: Fix memory allocation size for queueprioritymap
Fix a critical memory allocation bug in edmasetupfromhw() where queueprioritymap was allocated with insufficient memory. The code declared queuepriority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size.
This caused out-of-bounds memory writes when accessing: queueprioritymap[i][0] = i; queueprioritymap[i][1] = i;
The bug manifested as kernel crashes with "Oops - undefined instruction" on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the memory corruption triggered kernel hardening features on Clang.
Change the allocation to use sizeof(*queueprioritymap) which automatically gets the correct size for the 2D array structure.
- References
-
- https://git.kernel.org/stable/c/069fd1688c57c0cc8a3de64d108579b31676f74b
- https://git.kernel.org/stable/c/1baed10553fc8b388351d8fc803e3ae6f1a863bc
- https://git.kernel.org/stable/c/5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93
- https://git.kernel.org/stable/c/d5e82f3f2c918d446df46e8d65f8083fd97cdec5
- https://git.kernel.org/stable/c/e63419dbf2ceb083c1651852209c7f048089ac0f