We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38300

crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()



Description

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare(): 1] If dma_map_sg() fails for areq->dst, the device driver would try to free DMA memory it has not allocated in the first place. To fix this, on the "theend_sgs" error path, call dma unmap only if the corresponding dma map was successful. 2] If the dma_map_single() call for the IV fails, the device driver would try to free an invalid DMA memory address on the "theend_iv" path: ------------[ cut here ]------------ DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90 Modules linked in: skcipher_example(O+) CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT Tainted: [O]=OOT_MODULE Hardware name: OrangePi Zero2 (DT) pc : check_unmap+0x123c/0x1b90 lr : check_unmap+0x123c/0x1b90 ... Call trace: check_unmap+0x123c/0x1b90 (P) debug_dma_unmap_page+0xac/0xc0 dma_unmap_page_attrs+0x1f4/0x5fc sun8i_ce_cipher_do_one+0x1bd4/0x1f40 crypto_pump_work+0x334/0x6e0 kthread_worker_fn+0x21c/0x438 kthread+0x374/0x664 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- To fix this, check for !dma_mapping_error() before calling dma_unmap_single() on the "theend_iv" path.

Reserved 2025-04-16 | Published 2025-07-10 | Updated 2025-07-10 | Assigner Linux

Product status

Default status
unaffected

06f751b613296cc34b86fc83fccaf30d646eb8bc before a0ac3f85b2e3ef529e852f252a70311f9029d5e6
affected

06f751b613296cc34b86fc83fccaf30d646eb8bc before c62b79c1c51303dbcb6edfa4de0ee176f4934c52
affected

06f751b613296cc34b86fc83fccaf30d646eb8bc before 19d267d9fad00d94ad8477899e38ed7c11f33fb6
affected

06f751b613296cc34b86fc83fccaf30d646eb8bc before 4051250e5db489f8ad65fc337e2677b9b568ac72
affected

06f751b613296cc34b86fc83fccaf30d646eb8bc before f31adc3e356f7350d4a4d68c98d3f60f2f6e26b3
affected

Default status
affected

5.5
affected

Any version before 5.5
unaffected

6.1.142
unaffected

6.6.94
unaffected

6.12.34
unaffected

6.15.3
unaffected

6.16-rc1
unaffected

References

git.kernel.org/...c/a0ac3f85b2e3ef529e852f252a70311f9029d5e6

git.kernel.org/...c/c62b79c1c51303dbcb6edfa4de0ee176f4934c52

git.kernel.org/...c/19d267d9fad00d94ad8477899e38ed7c11f33fb6

git.kernel.org/...c/4051250e5db489f8ad65fc337e2677b9b568ac72

git.kernel.org/...c/f31adc3e356f7350d4a4d68c98d3f60f2f6e26b3

cve.org (CVE-2025-38300)

nvd.nist.gov (CVE-2025-38300)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38300

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.