In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: pci: configure manual DAC mode via PCI config API only
To support 36-bit DMA, configure the chip's proprietary bit via the PCI config API or the chip's DBI interface. However, the PCI device mmap isn't set yet and the DBI is also inaccessible via mmap, so the chip can support 36-bit DMA only if the bit is accessible via the PCI config API. Otherwise, fall back to 32-bit DMA.
With a NULL mmap address, the kernel throws this trace:
    BUG: unable to handle page fault for address: 0000000000001090
    #PF: supervisor write access in kernel mode
    #PF: error_code(0x0002) - not-present page
    PGD 0 P4D 0
    Oops: Oops: 0002 [#1] PREEMPT SMP PTI
    CPU: 1 UID: 0 PID: 71 Comm: irq/26-pciehp Tainted: G OE 6.14.2-061402-generic #202504101348
    Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
    RIP: 0010:rtw89_pci_ops_write16+0x12/0x30 [rtw89_pci]
    RSP: 0018:ffffb0ffc0acf9d8 EFLAGS: 00010206
    RAX: ffffffffc158f9c0 RBX: ffff94865e702020 RCX: 0000000000000000
    RDX: 0000000000000718 RSI: 0000000000001090 RDI: ffff94865e702020
    RBP: ffffb0ffc0acf9d8 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000015
    R13: 0000000000000719 R14: ffffb0ffc0acfa1f R15: ffffffffc1813060
    FS: 0000000000000000(0000) GS:ffff9486f3480000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000001090 CR3: 0000000090440001 CR4: 00000000000626f0
    Call Trace:
     <TASK>
     rtw89_pci_read_config_byte+0x6d/0x120 [rtw89_pci]
     rtw89_pci_cfg_dac+0x5b/0xb0 [rtw89_pci]
     rtw89_pci_probe+0xa96/0xbd0 [rtw89_pci]
     ? __pfx___device_attach_driver+0x10/0x10
     ? __pfx___device_attach_driver+0x10/0x10
     local_pci_probe+0x47/0xa0
     pci_call_probe+0x5d/0x190
     pci_device_probe+0xa7/0x160
     really_probe+0xf9/0x370
     ? pm_runtime_barrier+0x55/0xa0
     __driver_probe_device+0x8c/0x140
     driver_probe_device+0x24/0xd0
     __device_attach_driver+0xcd/0x170
     bus_for_each_drv+0x99/0x100
     __device_attach+0xb4/0x1d0
     device_attach+0x10/0x20
     pci_bus_add_device+0x59/0x90
     pci_bus_add_devices+0x31/0x80
     pciehp_configure_device+0xaa/0x170
     pciehp_enable_slot+0xd6/0x240
     pciehp_handle_presence_or_link_change+0xf1/0x180
     pciehp_ist+0x162/0x1c0
     irq_thread_fn+0x24/0x70
     irq_thread+0xef/0x1c0
     ? __pfx_irq_thread_fn+0x10/0x10
     ? __pfx_irq_thread_dtor+0x10/0x10
     ? __pfx_irq_thread+0x10/0x10
     kthread+0xfc/0x230
     ? __pfx_kthread+0x10/0x10
     ret_from_fork+0x47/0x70
     ? __pfx_kthread+0x10/0x10
     ret_from_fork_asm+0x1a/0x30
     </TASK>
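For triaging collected kernel logs against this fix, the following added example (not part of the original advisory or the kernel patch) checks whether an oops has the signature of the trace above: a supervisor write fault at a small address (NULL mmap base plus register offset) inside `rtw89_pci`, reached through `rtw89_pci_cfg_dac`. The sample logs are constructed, and the `NULL_BASE_LIMIT` threshold, `example_mod` and the function names `triage` and `matches_rtw89_dac_crash` are assumptions of this example.

```python
import re

# Constructed sample: abridged kernel log lines modelled on the trace above.
SAMPLE_OOPS = """\
BUG: unable to handle page fault for address: 0000000000001090
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
RIP: 0010:rtw89_pci_ops_write16+0x12/0x30 [rtw89_pci]
Call Trace:
 <TASK>
 rtw89_pci_read_config_byte+0x6d/0x120 [rtw89_pci]
 rtw89_pci_cfg_dac+0x5b/0xb0 [rtw89_pci]
 rtw89_pci_probe+0xa96/0xbd0 [rtw89_pci]
 local_pci_probe+0x47/0xa0
"""

# Constructed negative sample: an unrelated fault in a hypothetical module.
OTHER_OOPS = """\
BUG: unable to handle page fault for address: ffff94865e702020
#PF: supervisor read access in kernel mode
RIP: 0010:example_read+0x12/0x30 [example_mod]
Call Trace:
 example_probe+0x10/0x40 [example_mod]
"""

# Assumption: a fault address this small means "NULL base + register offset".
NULL_BASE_LIMIT = 0x10000

def triage(log: str) -> dict:
    """Extract the fields that identify the rtw89 NULL-mmap probe crash."""
    addr = re.search(r"page fault for address: ([0-9a-f]+)", log)
    access = re.search(r"#PF: supervisor (\w+) access", log)
    rip = re.search(r"RIP: \w+:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?", log)
    # Call-trace frames, including unreliable ones prefixed with "? ".
    frames = re.findall(r"^\s*(?:\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", log, re.M)
    fault = int(addr.group(1), 16) if addr else None
    is_write = bool(access) and access.group(1) == "write"
    return {
        "fault_addr": fault,
        "null_base_write": fault is not None and fault < NULL_BASE_LIMIT and is_write,
        "module": rip.group(2) if rip else None,
        "rip_func": rip.group(1) if rip else None,
        "in_cfg_dac": "rtw89_pci_cfg_dac" in frames,
    }

def matches_rtw89_dac_crash(log: str) -> bool:
    t = triage(log)
    return t["null_base_write"] and t["module"] == "rtw89_pci" and t["in_cfg_dac"]
```

A match on a host indicates it is running an `rtw89_pci` build without this fix and should be updated to a kernel that carries it.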