Improper locking in Linux kernel dma ti driver

Published: 2025-06-20

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-38005
CWE-ID	CWE-667
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU111605

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/0ea0433f822ed0549715f7044c9cd1cf132ff7fa
https://git.kernel.org/stable/c/26e63b2fe30c61bd25981c6084f67a8af79945d0
https://git.kernel.org/stable/c/27e71fa08711e09d81e06a54007b362a5426fd22
https://git.kernel.org/stable/c/99df1edf17493cb49a8c01f6bde55c3abb6a2a6c
https://git.kernel.org/stable/c/d87f1cddc592387359fde157cc4296556f6403c2
https://git.kernel.org/stable/c/df5987e76a4ae4cbd705d81ab4b15ed232250a4a
https://git.kernel.org/stable/c/fca280992af8c2fbd511bc43f65abb4a17363f2f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.