Home

Description

In the Linux kernel, the following vulnerability has been resolved: regmap: slimbus: fix bus_context pointer in regmap init calls Commit 4e65bda8273c ("ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()") revealed the problem in the slimbus regmap. That commit breaks audio playback, for instance, on sdm845 Thundercomm Dragonboard 845c board: Unable to handle kernel paging request at virtual address ffff8000847cbad4 ... CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT Hardware name: Thundercomm Dragonboard 845c (DT) ... Call trace: slim_xfer_msg+0x24/0x1ac [slimbus] (P) slim_read+0x48/0x74 [slimbus] regmap_slimbus_read+0x18/0x24 [regmap_slimbus] _regmap_raw_read+0xe8/0x174 _regmap_bus_read+0x44/0x80 _regmap_read+0x60/0xd8 _regmap_update_bits+0xf4/0x140 _regmap_select_page+0xa8/0x124 _regmap_raw_write_impl+0x3b8/0x65c _regmap_bus_raw_write+0x60/0x80 _regmap_write+0x58/0xc0 regmap_write+0x4c/0x80 wcd934x_hw_params+0x494/0x8b8 [snd_soc_wcd934x] snd_soc_dai_hw_params+0x3c/0x7c [snd_soc_core] __soc_pcm_hw_params+0x22c/0x634 [snd_soc_core] dpcm_be_dai_hw_params+0x1d4/0x38c [snd_soc_core] dpcm_fe_dai_hw_params+0x9c/0x17c [snd_soc_core] snd_pcm_hw_params+0x124/0x464 [snd_pcm] snd_pcm_common_ioctl+0x110c/0x1820 [snd_pcm] snd_pcm_ioctl+0x34/0x4c [snd_pcm] __arm64_sys_ioctl+0xac/0x104 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xec el0t_64_sync_handler+0xa0/0xf0 el0t_64_sync+0x198/0x19c The __devm_regmap_init_slimbus() started to be used instead of __regmap_init_slimbus() after the commit mentioned above and turns out the incorrect bus_context pointer (3rd argument) was used in __devm_regmap_init_slimbus(). It should be just "slimbus" (which is equal to &slimbus->dev). Correct it. The wcd934x codec seems to be the only or the first user of devm_regmap_init_slimbus() but we should fix it till the point where __devm_regmap_init_slimbus() was introduced therefore two "Fixes" tags. While at this, also correct the same argument in __regmap_init_slimbus().

PUBLISHED Reserved 2025-04-16 | Published 2025-12-08 | Updated 2025-12-08 | Assigner Linux

Product status

Default status
unaffected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before c0f05129e5734ff3fd14b2c242709314d9ca5433
affected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before 02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1
affected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before d979639f099c6e51f06ce4dd8d8e56364d6c17ba
affected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before 8143e4075d131c528540417a51966f6697be14eb
affected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before 2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c
affected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before a16e92f8d7dc7371e68f17a9926cb92d2244be7b
affected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before b65f3303349eaee333e47d2a99045aa12fa0c3a7
affected

7d6f7fb053ad543da74119df3c4cd7bb46220471 (git) before 434f7349a1f00618a620b316f091bd13a12bc8d2
affected

Default status
affected

4.16
affected

Any version before 4.16
unaffected

5.4.302 (semver)
unaffected

5.10.247 (semver)
unaffected

5.15.197 (semver)
unaffected

6.1.159 (semver)
unaffected

6.6.117 (semver)
unaffected

6.12.58 (semver)
unaffected

6.17.8 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/c0f05129e5734ff3fd14b2c242709314d9ca5433

git.kernel.org/...c/02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1

git.kernel.org/...c/d979639f099c6e51f06ce4dd8d8e56364d6c17ba

git.kernel.org/...c/8143e4075d131c528540417a51966f6697be14eb

git.kernel.org/...c/2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c

git.kernel.org/...c/a16e92f8d7dc7371e68f17a9926cb92d2244be7b

git.kernel.org/...c/b65f3303349eaee333e47d2a99045aa12fa0c3a7

git.kernel.org/...c/434f7349a1f00618a620b316f091bd13a12bc8d2

cve.org (CVE-2025-40317)

nvd.nist.gov (CVE-2025-40317)

Download JSON