CVE-2025-39907

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-39907
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39907.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39907
Downstream
Related
Published
2025-10-01T07:44:30.864Z
Modified
2025-11-28T02:35:18.973869Z
Summary
mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
Details

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer

Avoid below overlapping mappings by using a contiguous non-cacheable buffer.

[ 4.077708] DMA-API: stm32fmc2nfc 48810000.nand-controller: cacheline tracking EEXIST, overlapping mappings aren't supported [ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 adddmaentry+0x23c/0x300 [ 4.097071] Modules linked in: [ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1 [ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT) [ 4.118824] Workqueue: eventsunbound deferredprobeworkfunc [ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.131624] pc : adddmaentry+0x23c/0x300 [ 4.135658] lr : adddmaentry+0x23c/0x300 [ 4.139792] sp : ffff800009dbb490 [ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000 [ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8 [ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20 [ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006 [ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e [ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec [ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58 [ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000 [ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000 [ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40 [ 4.214185] Call trace: [ 4.216605] adddmaentry+0x23c/0x300 [ 4.220338] debugdmamapsg+0x198/0x350 [ 4.224373] _dmamapsgattrs+0xa0/0x110 [ 4.228411] dmamapsgattrs+0x10/0x2c [ 4.232247] stm32fmc2nfcxfer.isra.0+0x1c8/0x3fc [ 4.237088] stm32fmc2nfcseqreadpage+0xc8/0x174 [ 4.242127] nandreadoob+0x1d4/0x8e0 [ 4.245861] mtdreadoobstd+0x58/0x84 [ 4.249596] mtdreadoob+0x90/0x150 [ 4.253231] mtdread+0x68/0xac

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39907.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2cd457f328c100bc98e36d55fe210e9ab067c704
Fixed
dc1c6e60993b93b87604eb11266ac72e1a3be9e0
Fixed
dfe2ac47a6ee0ab50393694517c54ef1e276dda3
Fixed
e32a2ea52b51368774d014e5bcd9b86110a2b727
Fixed
75686c49574dd5f171ca682c18717787f1d8d55e
Fixed
06d8ef8f853752fea88c8d5bb093a40e71b330cf
Fixed
26adba1e7d7924174e15a3ba4b1132990786300b
Fixed
f6fd98d961fa6f97347cead4f08ed862cbbb91ff
Fixed
513c40e59d5a414ab763a9c84797534b5e8c208d

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.1.0
Fixed
5.4.300
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.245
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.194
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.153
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.107
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.48
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.16.8