CVE-2025-38152

There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. After Kernel boots up, stop the rproc, load a new firmware which doesn't have resource table ,and start rproc.

When starting rproc with a firmware not have resource table, memcpy(loaded_table, rproc->cached_table, rproc->table_sz) will trigger dump, because rproc->cachetable is set to NULL during the last stop operation, but rproc->tablesz is still valid.

This issue is found on i.MX8MP and i.MX9.

Dump as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Modules linked in: CPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38 Hardware name: NXP i.MX8MPlus EVK board (DT) pstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : _pimemcpygeneric+0x110/0x22c lr : rprocstart+0x88/0x1e0 Call trace: _pimemcpygeneric+0x110/0x22c (P) rprocboot+0x198/0x57c statestore+0x40/0x104 devattrstore+0x18/0x2c sysfskfwrite+0x7c/0x94 kernfsfopwriteiter+0x120/0x1cc vfswrite+0x240/0x378 ksyswrite+0x70/0x108 _arm64syswrite+0x1c/0x28 invokesyscall+0x48/0x10c el0svccommon.constprop.0+0xc0/0xe0 doel0svc+0x1c/0x28 el0svc+0x30/0xcc el0t64synchandler+0x10c/0x138 el0t64sync+0x198/0x19c

Clear rproc->table_sz to address the issue.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9dc9507f1880fb6225e3e058cb5219b152cbf198

Fixed

6e66bca8cd51ebedd5d32426906a38e4a3c69c5f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9dc9507f1880fb6225e3e058cb5219b152cbf198

Fixed

e6015ca453b82ec54aec9682dcc38773948fcc48

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9dc9507f1880fb6225e3e058cb5219b152cbf198

Fixed

7c6bb82a6f3da6ab2d3fbea03901482231708b98

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9dc9507f1880fb6225e3e058cb5219b152cbf198

Fixed

2df19f5f6f72da6f6ebab7cdb3a3b9f7686bb476

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9dc9507f1880fb6225e3e058cb5219b152cbf198

Fixed

8e0fd2a3b9852ac3cf540edb06ccc0153b38b5af

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9dc9507f1880fb6225e3e058cb5219b152cbf198

Fixed

068f6648ff5b0c7adeb6c363fae7fb188aa178fa

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9dc9507f1880fb6225e3e058cb5219b152cbf198

Fixed

efdde3d73ab25cef4ff2d06783b0aad8b093c0e4

Affected versions

v5.*

v5.12

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.100

v5.15.101

v5.15.102

v5.15.103

v5.15.104

v5.15.105

v5.15.106

v5.15.107

v5.15.108

v5.15.109

v5.15.11

v5.15.110

v5.15.111

v5.15.112

v5.15.113

v5.15.114

v5.15.115

v5.15.116

v5.15.117

v5.15.118

v5.15.119

v5.15.12

v5.15.120

v5.15.121

v5.15.122

v5.15.123

v5.15.124

v5.15.125

v5.15.126

v5.15.127

v5.15.128

v5.15.129

v5.15.13

v5.15.130

v5.15.131

v5.15.132

v5.15.133

v5.15.134

v5.15.135

v5.15.136

v5.15.137

v5.15.138

v5.15.139

v5.15.14

v5.15.140

v5.15.141

v5.15.142

v5.15.143

v5.15.144

v5.15.145

v5.15.146

v5.15.147

v5.15.148

v5.15.149

v5.15.15

v5.15.150

v5.15.151

v5.15.152

v5.15.153

v5.15.154

v5.15.155

v5.15.156

v5.15.157

v5.15.158

v5.15.159

v5.15.16

v5.15.160

v5.15.161

v5.15.162

v5.15.163

v5.15.164

v5.15.165

v5.15.166

v5.15.167

v5.15.168

v5.15.169

v5.15.17

v5.15.170

v5.15.171

v5.15.172

v5.15.173

v5.15.174

v5.15.175

v5.15.176

v5.15.177

v5.15.178

v5.15.179

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.86

v5.15.87

v5.15.88

v5.15.89

v5.15.9

v5.15.90

v5.15.91

v5.15.92

v5.15.93

v5.15.94

v5.15.95

v5.15.96

v5.15.97

v5.15.98

v5.15.99

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.100

v6.1.101

v6.1.102

v6.1.103

v6.1.104

v6.1.105

v6.1.106

v6.1.107

v6.1.108

v6.1.109

v6.1.11

v6.1.110

v6.1.111

v6.1.112

v6.1.113

v6.1.114

v6.1.115

v6.1.116

v6.1.117

v6.1.118

v6.1.119

v6.1.12

v6.1.120

v6.1.121

v6.1.122

v6.1.123

v6.1.124

v6.1.125

v6.1.126

v6.1.127

v6.1.128

v6.1.129

v6.1.13

v6.1.130

v6.1.131

v6.1.132

v6.1.133

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.53

v6.1.54

v6.1.55

v6.1.56

v6.1.57

v6.1.58

v6.1.59

v6.1.6

v6.1.60

v6.1.61

v6.1.62

v6.1.63

v6.1.64

v6.1.65

v6.1.66

v6.1.67

v6.1.68

v6.1.69

v6.1.7

v6.1.70

v6.1.71

v6.1.72

v6.1.73

v6.1.74

v6.1.75

v6.1.76

v6.1.77

v6.1.78

v6.1.79

v6.1.8

v6.1.80

v6.1.81

v6.1.82

v6.1.83

v6.1.84

v6.1.85

v6.1.86

v6.1.87

v6.1.88

v6.1.89

v6.1.9

v6.1.90

v6.1.91

v6.1.92

v6.1.93

v6.1.94

v6.1.95

v6.1.96

v6.1.97

v6.1.98

v6.1.99

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.13.10

v6.13.2

v6.13.3

v6.13.4

v6.13.5

v6.13.6

v6.13.7

v6.13.8

v6.13.9

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.14.1

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.13.0

Fixed

5.15.180

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.134

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.87

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.23

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.11

Type: ECOSYSTEM
Events: Introduced

6.14.0

Fixed

6.14.2