CVE-2025-40356

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-40356
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40356.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40356
Aliases
Downstream
Published
2025-12-16T13:30:28.913Z
Modified
2026-02-09T18:27:47.498790Z
Summary
spi: rockchip-sfc: Fix DMA-API usage
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: rockchip-sfc: Fix DMA-API usage

Use DMA-API dmamapsingle() call for getting the DMA address of the transfer buffer instead of hacking with virttophys().

This fixes the following DMA-API debug warning: ------------[ cut here ]------------ DMA-API: rockchip-sfc fe300000.spi: device driver tries to sync DMA memory it has not allocated [device address=0x000000000cf70000] [size=288 bytes] WARNING: kernel/dma/debug.c:1106 at checksync+0x1d8/0x690, CPU#2: systemd-udevd/151 Modules linked in: ... Hardware name: Hardkernel ODROID-M1 (DT) pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : checksync+0x1d8/0x690 lr : checksync+0x1d8/0x690 .. Call trace: checksync+0x1d8/0x690 (P) debugdmasyncsingleforcpu+0x84/0x8c _dmasyncsingleforcpu+0x88/0x234 rockchipsfcexecmemop+0x4a0/0x798 [spirockchipsfc] spimemexecop+0x408/0x498 spinorreaddata+0x170/0x184 spinorreadsfdp+0x74/0xe4 spinorparsesfdp+0x120/0x11f0 spinorsfdpinitparamsdeprecated+0x3c/0x8c spinorscan+0x690/0xf88 spinorprobe+0xe4/0x304 spimemprobe+0x6c/0xa8 spiprobe+0x94/0xd4 really_probe+0xbc/0x298 ...

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40356.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b69386fcbc6066fb4885667743ab4d4967d561b8
Fixed
22810d4cb0e8a7d51b24527e73beac60afc1c693
Fixed
ee795e82e10197c070efd380dc9615c73dffad6c

Affected versions

v6.*
v6.13
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.17.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40356.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.17.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40356.json"