CVE-2025-68220

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error

Make knav_dma_open_channel consistently return NULL on error instead of ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h returns NULL when the driver is disabled, but the driver implementation does not even return NULL or ERR_PTR on failure, causing inconsistency in the users. This results in a crash in netcp_free_navigator_resources as followed (trimmed):

Unhandled fault: alignment exception (0x221) at 0xfffffff2 [fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000 Internal error: : 221 [#1] SMP ARM Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc7 #1 NONE Hardware name: Keystone PC is at knav_dma_close_channel+0x30/0x19c LR is at netcp_free_navigator_resources+0x2c/0x28c

[… TRIM…]

Call trace: knav_dma_close_channel from netcp_free_navigator_resources+0x2c/0x28c netcp_free_navigator_resources from netcp_ndo_open+0x430/0x46c netcp_ndo_open from __dev_open+0x114/0x29c __dev_open from __dev_change_flags+0x190/0x208 __dev_change_flags from netif_change_flags+0x1c/0x58 netif_change_flags from dev_change_flags+0x38/0xa0 dev_change_flags from ip_auto_config+0x2c4/0x11f0 ip_auto_config from do_one_initcall+0x58/0x200 do_one_initcall from kernel_init_freeable+0x1cc/0x238 kernel_init_freeable from kernel_init+0x1c/0x12c kernel_init from ret_from_fork+0x14/0x38 [… TRIM…]

Standardize the error handling by making the function return NULL on all error conditions. The API is used in just the netcp_core.c so the impact is limited.

Note, this change, in effect reverts commit 5b6cb43b4d62 ("net: ethernet: ti: netcp_core: return error while dma channel open issue"), but provides a less error prone implementation.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux88139ed030583557751e279968e13e892ae10825 < af6b10a13fc0aee37df4a8292414cc055c263fa3affected
LinuxLinux88139ed030583557751e279968e13e892ae10825 < 8427218ecbd7f8559c37972e66cb0fa06e82353baffected
LinuxLinux88139ed030583557751e279968e13e892ae10825 < 3afeb909c3e2e0eb19b1e20506196e5f2d9c2259affected
LinuxLinux88139ed030583557751e279968e13e892ae10825 < 2572c358ee434ce4b994472cceeb4043cbff5bc5affected
LinuxLinux88139ed030583557751e279968e13e892ae10825 < 952637c5b9be64539cd0e13ef88db71a1df46373affected
LinuxLinux88139ed030583557751e279968e13e892ae10825 < fbb53727ca789a8d27052aab4b77ca9e2a0fae2baffected
LinuxLinux88139ed030583557751e279968e13e892ae10825 < f9608637ecc165d7d6341df105aee44691461fb9affected
LinuxLinux88139ed030583557751e279968e13e892ae10825 < 90a88306eb874fe4bbdd860e6c9787f5bbc588b5affected
LinuxLinux3.18affected
LinuxLinux0 < 3.18unaffected
LinuxLinux5.4.302 <= 5.4.*unaffected
LinuxLinux5.10.247 <= 5.10.*unaffected
LinuxLinux5.15.197 <= 5.15.*unaffected
LinuxLinux6.1.159 <= 6.1.*unaffected
LinuxLinux6.6.118 <= 6.6.*unaffected
LinuxLinux6.12.60 <= 6.12.*unaffected
LinuxLinux6.17.10 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References