CVE-2025-39788
- Source
- https://cve.org/CVERecord?id=CVE-2025-39788
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39788.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39788
- Downstream
- Related
- Published
- 2025-09-11T16:56:37.173Z
- Modified
- 2026-03-20T12:43:03.152461Z
- Summary
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: exynos: Fix programming of HCIUTRLNEXUS_TYPE
On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRLNEXUSTYPE incorrectly as 0.
This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour.
Fix this by switching to the BIT() macro, which applies correct type casting as required. This ensures the correct value is written to UTRLNEXUSTYPE (0xffffffff on gs101), and it also fixes a UBSAN shift warning:
UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21 shift exponent 32 is too large for 32-bit type 'int'For consistency, apply the same change to the nutmrs / UTMRLNEXUSTYPE write.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39788.json" }- References
-
- https://git.kernel.org/stable/c/01510a9e8222f11cce064410f3c2fcf0756c0a08
- https://git.kernel.org/stable/c/01aad16c2257ab8ff33b152b972c9f2e1af47912
- https://git.kernel.org/stable/c/098b2c8ee208c77126839047b9e6e1925bb35baa
- https://git.kernel.org/stable/c/5b9f1ef293428ea9c0871d96fcec2a87c4445832
- https://git.kernel.org/stable/c/6d53b2a134da77eb7fe65c5c7c7a3c193539a78a
- https://git.kernel.org/stable/c/c1f025da8f370a015e412b55cbcc583f91de8316
- https://git.kernel.org/stable/c/dc8fb963742f1a38d284946638f9358bdaa0ddee
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39788.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39788
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced55f4b1f73631a0817717fe6e98517de51b4c3527Fixed01510a9e8222f11cce064410f3c2fcf0756c0a08Fixed098b2c8ee208c77126839047b9e6e1925bb35baaFixedc1f025da8f370a015e412b55cbcc583f91de8316Fixed6d53b2a134da77eb7fe65c5c7c7a3c193539a78aFixeddc8fb963742f1a38d284946638f9358bdaa0ddeeFixed5b9f1ef293428ea9c0871d96fcec2a87c4445832Fixed01aad16c2257ab8ff33b152b972c9f2e1af47912