CVE-2025-38439
📋 TL;DR
A bug in the Linux kernel's bnxt_en network driver incorrectly sets DMA unmap length to 0 when transmitting XDP_REDIRECT packets, causing a kernel warning on systems with IOMMU enabled. This affects Linux systems using Broadcom NetXtreme-E network adapters with XDP enabled. The vulnerability could potentially lead to system instability or denial of service.
💻 Affected Systems
- Linux kernel with bnxt_en driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System crash or kernel panic due to improper DMA unmapping, leading to denial of service.
Likely Case
Kernel warning messages in system logs and potential performance degradation or packet loss.
If Mitigated
Minor performance impact with warning messages but no system crash.
🎯 Exploit Status
Exploitation requires specific driver configuration and local access. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 16ae306602163fcb7ae83f2701b542e43c100cee, 3cdf199d4755d477972ee87110b2aebc88b3cfad, 50dad9909715094e7d9ca25e9e0412b875987519, 5909679a82cd74cf0343d9e3ddf4b6931aa7e613, 8d672a1a6bfc81fef9151925c9c0481f4acf4bec
Vendor Advisory: https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched kernel versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable XDP_REDIRECT
linuxDisable XDP_REDIRECT feature on bnxt_en network interfaces
sudo ethtool -K <interface> xdp off
Disable IOMMU
linuxDisable IOMMU in kernel boot parameters (not recommended for security)
Add 'iommu=off' to kernel boot parameters in GRUB configuration
🧯 If You Can't Patch
- Disable XDP features on all bnxt_en network interfaces
- Monitor system logs for DMA-related warnings and restart affected systems if warnings appear
🔍 How to Verify
Check if Vulnerable:
Check if system uses bnxt_en driver and has XDP enabled: lsmod | grep bnxt && ethtool -i <interface> | grep -i xdpCheck Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commits: uname -r and verify with distribution's security advisory📡 Detection & Monitoring
Log Indicators:
- Kernel warnings containing 'WARNING: CPU: ... at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap'
- bnxt_en driver error messages related to DMA unmapping
Network Indicators:
- Increased packet loss on bnxt_en interfaces with XDP enabled
SIEM Query:
source="kernel" AND "__iommu_dma_unmap" AND "bnxt_en"🔗 References
- https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee
- https://git.kernel.org/stable/c/3cdf199d4755d477972ee87110b2aebc88b3cfad
- https://git.kernel.org/stable/c/50dad9909715094e7d9ca25e9e0412b875987519
- https://git.kernel.org/stable/c/5909679a82cd74cf0343d9e3ddf4b6931aa7e613
- https://git.kernel.org/stable/c/8d672a1a6bfc81fef9151925c9c0481f4acf4bec
- https://git.kernel.org/stable/c/e260f4d49370c85a4701d43c6d16b8c39f8b605f
- https://git.kernel.org/stable/c/f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a
- https://git.kernel.org/stable/c/f9eaf6d036075dc820520e1194692c0619b7297b
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
