CVE-2025-68238 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: cadence: fix DMA device NULL pointer dereference

The DMA device pointer `dma_dev` was being dereferenced before ensuring
that `cdns_ctrl->dmac` is properly initialized.

Move the assignment of `dma_dev` after successfully acquiring the DMA
channel to ensure the pointer is valid before use.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4436-1	linux-6.1 security update

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0c2a43cb43786011b48eeab6093db14888258c6b
https://git.kernel.org/stable/c/0c635241a62f2f5da1b48bfffae226d1f86a76ef
https://git.kernel.org/stable/c/2178b0255eae108bb10e5e99658b28641bc06f43
https://git.kernel.org/stable/c/5c56bf214af85ca042bf97f8584aab2151035840
https://git.kernel.org/stable/c/9c58c64ec41290c12490ca7e1df45013fbbb41fd
https://git.kernel.org/stable/c/b146e0b085d9d6bfe838e0a15481cba7d093c67f
https://git.kernel.org/stable/c/e282a4fdf3c6ee842a720010a8b5f7d77bedd126
https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68238-fd37@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-68238
https://www.cve.org/CVERecord?id=CVE-2025-68238

History

Wed, 17 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68238-fd37@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-68238 https://www.cve.org/CVERecord?id=CVE-2025-68238

Tue, 16 Dec 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix DMA device NULL pointer dereference The DMA device pointer `dma_dev` was being dereferenced before ensuring that `cdns_ctrl->dmac` is properly initialized. Move the assignment of `dma_dev` after successfully acquiring the DMA channel to ensure the pointer is valid before use.
Title		mtd: rawnand: cadence: fix DMA device NULL pointer dereference
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0c2a43cb43786011b48eeab6093db14888258c6b https://git.kernel.org/stable/c/0c635241a62f2f5da1b48bfffae226d1f86a76ef https://git.kernel.org/stable/c/2178b0255eae108bb10e5e99658b28641bc06f43 https://git.kernel.org/stable/c/5c56bf214af85ca042bf97f8584aab2151035840 https://git.kernel.org/stable/c/9c58c64ec41290c12490ca7e1df45013fbbb41fd https://git.kernel.org/stable/c/b146e0b085d9d6bfe838e0a15481cba7d093c67f https://git.kernel.org/stable/c/e282a4fdf3c6ee842a720010a8b5f7d77bedd126

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T14:08:31.672Z

Updated: 2025-12-16T14:08:31.672Z

Reserved: 2025-12-16T13:41:40.263Z

Link: CVE-2025-68238

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-16T14:15:58.977

Modified: 2025-12-18T15:08:06.237

Link: CVE-2025-68238

Redhat

Severity :

Publid Date: 2025-12-16T00:00:00Z

Links: CVE-2025-68238 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object