CVE-2025-68238 - Vulnerability Details

- mtd: rawnand: cadence: fix DMA device NULL pointer dereference

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: cadence: fix DMA device NULL pointer dereference

The DMA device pointer `dma_dev` was being dereferenced before ensuring
that `cdns_ctrl->dmac` is properly initialized.

Move the assignment of `dma_dev` after successfully acquiring the DMA
channel to ensure the pointer is valid before use.

Published: 2025-12-16

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0cae7c285f4771a9927ef592899234d307aea5d4`	affected	< 2178b0255eae108bb10e5e99658b28641bc06f43
`099a316518508be7c57de4134ef919b2dea948ce`	affected	< 9c58c64ec41290c12490ca7e1df45013fbbb41fd
`e630d32162a8aab92d4aaebae0a8d93039257593`	affected	< e282a4fdf3c6ee842a720010a8b5f7d77bedd126
`ad9393467fbd788ac2b8a01e492e45ab1b68a1b1`	affected	< b146e0b085d9d6bfe838e0a15481cba7d093c67f
`0ce5416863965ddd86e066484a306867cf1e01a8`	affected	< 0c635241a62f2f5da1b48bfffae226d1f86a76ef
`d76d22b5096c5b05208fd982b153b3f182350b19`	affected	< 0c2a43cb43786011b48eeab6093db14888258c6b
`d76d22b5096c5b05208fd982b153b3f182350b19`	affected	< 5c56bf214af85ca042bf97f8584aab2151035840
`a33c7492dcdf804b705b6c21018a481414d48038`	affected	—
`5.10.235`	affected	< 5.10.247
`5.15.179`	affected	< 5.15.197
`6.1.130`	affected	< 6.1.159
`6.6.80`	affected	< 6.6.118
`6.12.17`	affected	< 6.12.60
`6.13.5`	affected	< 6.14

Linux

affected

Version	Status	Constraints
`6.14`	affected	—
`0`	unaffected	< 6.14
`5.10.247`	unaffected	≤ 5.10.*
`5.15.197`	unaffected	≤ 5.15.*
`6.1.159`	unaffected	≤ 6.1.*
`6.6.118`	unaffected	≤ 6.6.*
`6.12.60`	unaffected	≤ 6.12.*
`6.17.10`	unaffected	≤ 6.17.*
`6.18`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4436-1	linux-6.1 security update
Ubuntu USN	USN-8094-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8095-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8095-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8096-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8100-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8094-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8095-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8096-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-4	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8095-4	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-8096-5	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-8116-1	Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN	USN-8094-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8094-4	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8125-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8126-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8094-5	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8095-5	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8141-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8152-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-8163-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8165-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8163-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8243-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8261-1	Linux kernel (Xilinx) vulnerabilities

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0c2a43cb43786011b48eeab6093db14888258c6b
https://git.kernel.org/stable/c/0c635241a62f2f5da1b48bfffae226d1f86a76ef
https://git.kernel.org/stable/c/2178b0255eae108bb10e5e99658b28641bc06f43
https://git.kernel.org/stable/c/5c56bf214af85ca042bf97f8584aab2151035840
https://git.kernel.org/stable/c/9c58c64ec41290c12490ca7e1df45013fbbb41fd
https://git.kernel.org/stable/c/b146e0b085d9d6bfe838e0a15481cba7d093c67f
https://git.kernel.org/stable/c/e282a4fdf3c6ee842a720010a8b5f7d77bedd126
https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68238-fd37@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-68238
https://www.cve.org/CVERecord?id=CVE-2025-68238

History

Wed, 17 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68238-fd37@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-68238 https://www.cve.org/CVERecord?id=CVE-2025-68238

Tue, 16 Dec 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix DMA device NULL pointer dereference The DMA device pointer `dma_dev` was being dereferenced before ensuring that `cdns_ctrl->dmac` is properly initialized. Move the assignment of `dma_dev` after successfully acquiring the DMA channel to ensure the pointer is valid before use.
Title		mtd: rawnand: cadence: fix DMA device NULL pointer dereference
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0c2a43cb43786011b48eeab6093db14888258c6b https://git.kernel.org/stable/c/0c635241a62f2f5da1b48bfffae226d1f86a76ef https://git.kernel.org/stable/c/2178b0255eae108bb10e5e99658b28641bc06f43 https://git.kernel.org/stable/c/5c56bf214af85ca042bf97f8584aab2151035840 https://git.kernel.org/stable/c/9c58c64ec41290c12490ca7e1df45013fbbb41fd https://git.kernel.org/stable/c/b146e0b085d9d6bfe838e0a15481cba7d093c67f https://git.kernel.org/stable/c/e282a4fdf3c6ee842a720010a8b5f7d77bedd126

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T14:08:31.672Z

Updated: 2026-05-23T16:02:26.527Z

Reserved: 2025-12-16T13:41:40.263Z

Link: CVE-2025-68238

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-16T14:15:58.977

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-68238

Redhat

Severity :

Publid Date: 2025-12-16T00:00:00Z

Links: CVE-2025-68238 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object