Home

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Make knav_dma_open_channel consistently return NULL on error instead of ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h returns NULL when the driver is disabled, but the driver implementation does not even return NULL or ERR_PTR on failure, causing inconsistency in the users. This results in a crash in netcp_free_navigator_resources as followed (trimmed): Unhandled fault: alignment exception (0x221) at 0xfffffff2 [fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000 Internal error: : 221 [#1] SMP ARM Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc7 #1 NONE Hardware name: Keystone PC is at knav_dma_close_channel+0x30/0x19c LR is at netcp_free_navigator_resources+0x2c/0x28c [... TRIM...] Call trace: knav_dma_close_channel from netcp_free_navigator_resources+0x2c/0x28c netcp_free_navigator_resources from netcp_ndo_open+0x430/0x46c netcp_ndo_open from __dev_open+0x114/0x29c __dev_open from __dev_change_flags+0x190/0x208 __dev_change_flags from netif_change_flags+0x1c/0x58 netif_change_flags from dev_change_flags+0x38/0xa0 dev_change_flags from ip_auto_config+0x2c4/0x11f0 ip_auto_config from do_one_initcall+0x58/0x200 do_one_initcall from kernel_init_freeable+0x1cc/0x238 kernel_init_freeable from kernel_init+0x1c/0x12c kernel_init from ret_from_fork+0x14/0x38 [... TRIM...] Standardize the error handling by making the function return NULL on all error conditions. The API is used in just the netcp_core.c so the impact is limited. Note, this change, in effect reverts commit 5b6cb43b4d62 ("net: ethernet: ti: netcp_core: return error while dma channel open issue"), but provides a less error prone implementation.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-16 | Updated 2025-12-16 | Assigner Linux

Product status

Default status
unaffected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before af6b10a13fc0aee37df4a8292414cc055c263fa3
affected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before 8427218ecbd7f8559c37972e66cb0fa06e82353b
affected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before 3afeb909c3e2e0eb19b1e20506196e5f2d9c2259
affected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before 2572c358ee434ce4b994472cceeb4043cbff5bc5
affected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before 952637c5b9be64539cd0e13ef88db71a1df46373
affected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before fbb53727ca789a8d27052aab4b77ca9e2a0fae2b
affected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before f9608637ecc165d7d6341df105aee44691461fb9
affected

5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 (git) before 90a88306eb874fe4bbdd860e6c9787f5bbc588b5
affected

Default status
affected

4.12
affected

Any version before 4.12
unaffected

5.4.302 (semver)
unaffected

5.10.247 (semver)
unaffected

5.15.197 (semver)
unaffected

6.1.159 (semver)
unaffected

6.6.118 (semver)
unaffected

6.12.60 (semver)
unaffected

6.17.10 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/af6b10a13fc0aee37df4a8292414cc055c263fa3

git.kernel.org/...c/8427218ecbd7f8559c37972e66cb0fa06e82353b

git.kernel.org/...c/3afeb909c3e2e0eb19b1e20506196e5f2d9c2259

git.kernel.org/...c/2572c358ee434ce4b994472cceeb4043cbff5bc5

git.kernel.org/...c/952637c5b9be64539cd0e13ef88db71a1df46373

git.kernel.org/...c/fbb53727ca789a8d27052aab4b77ca9e2a0fae2b

git.kernel.org/...c/f9608637ecc165d7d6341df105aee44691461fb9

git.kernel.org/...c/90a88306eb874fe4bbdd860e6c9787f5bbc588b5

cve.org (CVE-2025-68220)

nvd.nist.gov (CVE-2025-68220)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.