CVE-2025-38401

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's MediaTek SD card driver (mtk-sd) occurs when DMA mapping fails but the driver proceeds with DMA operations using stale settings. This affects Linux systems using MediaTek hardware with the vulnerable driver version.

💻 Affected Systems

Products:
  • Linux kernel with MediaTek SD card driver (mtk-sd)
Versions: Kernel versions that contain the vulnerable commit, up to the patched versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MediaTek hardware using the mtk-sd driver. Requires SD card operations to trigger the condition.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context.

🟠 Likely Case: System instability, crashes, or denial of service when SD card operations fail under specific conditions.

🟢 If Mitigated: Minimal impact if systems don't use MediaTek SD card hardware or have proper kernel hardening protections.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger SD card operations.
🏢 Internal Only: MEDIUM - Local attackers or malicious processes could potentially exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering DMA mapping failures in the mtk-sd driver, which may require specific hardware conditions or timing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits: 3419bc6a7b65cbbb91417bb9970208478e034c79, 48bf4f3dfcdab02b22581d8e350a2d23130b72c0, 5ac9e9e2e9cd6247d8c2d99780eae4556049e1cc, 61cdd663564674ea21ceb50aa9d3697cbe9e45f9, 63e8953f16acdcb23e2d4dd8a566d3c34df3e200

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable SD card functionality

Prevent use of vulnerable driver by disabling SD card support

echo 'blacklist mtk-sd' >> /etc/modprobe.d/blacklist.conf
rmmod mtk-sd

🧯 If You Can't Patch

  • Restrict physical access to prevent local exploitation
  • Implement strict process isolation and kernel hardening (seccomp, SELinux/AppArmor)

🔍 How to Verify

Check if Vulnerable:

Check whether the mtk-sd driver is loaded (lsmod | grep mtk_sd), then compare the kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version contains the fix commits and that the mtk-sd driver loads without errors in dmesg.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • DMA mapping errors in dmesg
  • SD card operation failures

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search 'kernel: mtk-sd' OR 'DMA map failure' in system logs
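
The exposure check and log indicators above, combined into one local triage script. This is an added example, not part of the original advisory or of any vendor tooling. It assumes the standard /proc/modules and modules.builtin locations, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: local triage for the checks and log indicators listed above.

# Report how the mtk-sd driver is present on this kernel.
# $1 = loaded-module list (default /proc/modules)
# $2 = built-in module list (default modules.builtin of the running kernel)
mtk_sd_state() {
    modules=${1:-/proc/modules}
    builtin=${2:-/lib/modules/$(uname -r)/modules.builtin}
    if [ -r "$modules" ] && grep -Eq '^mtk[_-]sd ' "$modules"; then
        echo loaded
    elif [ -r "$builtin" ] && grep -Eq '/mtk[_-]sd\.ko$' "$builtin"; then
        # Built in: the modprobe blacklist and rmmod have no effect here.
        echo builtin
    else
        echo absent
    fi
}

# Filter a kernel log on stdin down to the page's indicators:
# mtk-sd driver messages, "DMA map failure", and kernel oopses.
scan_mtk_sd_log() {
    grep -Ei 'mtk[-_]sd|DMA map failure|Oops' || true
}

# Number of indicator lines in the log on stdin.
count_mtk_sd_hits() {
    scan_mtk_sd_log | wc -l | tr -d ' '
}

# Constructed sample log (illustrative text, not captured driver output).
SAMPLE_LOG='[  101.200000] mtk-sd example.mmc: DMA map failure
[  101.200100] mmc0: card inserted
[  101.350000] Internal error: Oops: constructed sample line
[  300.000000] usb 1-1: new device using xhci-mtk'

echo "mtk-sd driver state: $(mtk_sd_state)"
echo "indicator lines in sample: $(printf '%s\n' "$SAMPLE_LOG" | count_mtk_sd_hits)"
printf '%s\n' "$SAMPLE_LOG" | scan_mtk_sd_log
# On a live host: dmesg | scan_mtk_sd_log   (or: journalctl -k | scan_mtk_sd_log)
```

A result of "builtin" means the driver is compiled into the kernel image, so only the kernel update removes the exposure.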
