CVE-2025-71195

EUVD-2025-206803
In the Linux kernel, the following vulnerability has been resolved:

dmaengine: xilinx: xdma: Fix regmap max_register

The max_register field is assigned the size of the register memory
region instead of the offset of the last register.
The result is that reading from the regmap via debugfs can cause
a segmentation fault:

tail /sys/kernel/debug/regmap/xdma.1.auto/registers
Unable to handle kernel paging request at virtual address ffff800082f70000
Mem abort info:
  ESR = 0x0000000096000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x07: level 3 translation fault
[...]
Call trace:
 regmap_mmio_read32le+0x10/0x30
 _regmap_bus_reg_read+0x74/0xc0
 _regmap_read+0x68/0x198
 regmap_read+0x54/0x88
 regmap_read_debugfs+0x140/0x380
 regmap_map_read_file+0x30/0x48
 full_proxy_read+0x68/0xc8
 vfs_read+0xcc/0x310
 ksys_read+0x7c/0x120
 __arm64_sys_read+0x24/0x40
 invoke_syscall.constprop.0+0x64/0x108
 do_el0_svc+0xb0/0xd8
 el0_svc+0x38/0x130
 el0t_64_sync_handler+0x120/0x138
 el0t_64_sync+0x194/0x198
Code: aa1e03e9 d503201f f9400000 8b214000 (b9400000)
---[ end trace 0000000000000000 ]---
note: tail[1217] exited with irqs disabled
note: tail[1217] exited with preempt_count 1
Segmentation fault
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.172-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-5
fixed
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1.150700.17.23.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1.150700.17.23.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1.150700.17.23.1
fixed
kernel-docs
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-macros
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-syms
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
References
https://git.kernel.org/stable/c/5e7ad329d259cf5bed7530d6d2525bcf7cb487a1
https://git.kernel.org/stable/c/606ea969e78295407f4bf06aa0e272fe59897184
https://git.kernel.org/stable/c/c7d436a6c1a274c1ac28d5fb3b8eb8f03b6d0e10
https://git.kernel.org/stable/c/df8a131a41ff6202d47f59452735787f2b71dd2d