Login Sign Up

CVE-2025-22049

5.5 MEDIUM

📋 TL;DR

This CVE addresses a DMA (Direct Memory Access) alignment vulnerability in the Linux kernel for LoongArch systems. When ARCH_DMA_MINALIGN is set to 1 byte (default), certain LoongArch-specific hardware devices like APBDMA may experience cacheline write errors when processing small memory buffers, potentially leading to system instability or data corruption. This affects Linux systems running on LoongArch processors.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but likely affects LoongArch-supporting kernels before the fix commits.
Operating Systems: Linux distributions with LoongArch support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with LoongArch processors using specific hardware devices like APBDMA that require 16-byte DMA alignment.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crashes, kernel panics, or data corruption due to hardware DMA errors when processing small memory buffers, potentially leading to denial of service or data integrity issues.

🟠

Likely Case

System instability or crashes when specific LoongArch hardware devices attempt DMA operations on small memory buffers, primarily affecting performance-critical operations.

🟢

If Mitigated

With proper alignment (16 bytes), DMA operations proceed normally without hardware errors, maintaining system stability.

🌐 Internet-Facing: LOW - This is a hardware-specific kernel configuration issue requiring local access to trigger.
🏢 Internal Only: MEDIUM - Internal systems with LoongArch processors running vulnerable kernel versions could experience stability issues during normal operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific hardware configuration and triggering conditions.

This appears to be a configuration fix rather than a traditional security vulnerability. Exploitation would require triggering specific DMA operations on vulnerable hardware.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits referenced in the CVE

Vendor Advisory: https://git.kernel.org/stable/c/1d0def2d1658666ec1f32c9495df60e7411e3c82

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if compiling from source. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Manual kernel configuration

linux

Manually set ARCH_DMA_MINALIGN to 16 in kernel configuration

Edit kernel config file and set CONFIG_ARCH_DMA_MINALIGN=16
Recompile and install kernel

🧯 If You Can't Patch

  • Avoid using APBDMA and other LoongArch-specific DMA hardware on vulnerable systems
  • Monitor system logs for DMA-related errors and restart affected services if instability occurs

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if running on LoongArch processor with vulnerable kernel configuration

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and ARCH_DMA_MINALIGN is set to 16

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing DMA errors
  • Hardware fault messages related to cacheline writes
  • System instability or crashes during DMA operations

Network Indicators:

  • None - this is a local hardware/kernel issue

SIEM Query:

source="kernel" AND ("DMA error" OR "cacheline" OR "alignment fault")

📊 Metadata

CVE ID: CVE-2025-22049
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.08% exploit probability (23.8th percentile)
Published: April 16, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON