CVE-2025-39674
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in the Linux kernel's UFS (Universal Flash Storage) driver for Qualcomm platforms. When the ESI (Enhanced System Interrupt) feature fails to allocate MSI interrupts during initialization, the driver attempts to clean up resources that were never allocated, causing a kernel panic. This affects Linux systems with Qualcomm UFS hardware and MCQ (Multiple Command Queue) enabled.
💻 Affected Systems
- Linux kernel with UFS-QCOM driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.
Likely Case
System boot failure or kernel panic during UFS initialization, preventing the system from starting properly.
If Mitigated
System operates normally without ESI optimization feature, potentially with reduced storage performance.
🎯 Exploit Status
Exploitation requires specific hardware conditions (Qualcomm UFS with MCQ) and triggering MSI allocation failure during boot. Not remotely exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 6300d5c5438724c0876828da2f6e2c1a661871fc and aaf17a35a59572c8b29372883619c3dbb0ebb50a
Vendor Advisory: https://git.kernel.org/stable/c/6300d5c5438724c0876828da2f6e2c1a661871fc
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager to update the kernel package.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable MCQ feature
Disable the Multiple Command Queue feature in the kernel boot parameters to avoid triggering the vulnerable code path.
Add 'ufs_qcom.mcq=0' to kernel boot parameters in GRUB or bootloader configuration
Disable ESI feature
Disable the Enhanced System Interrupt feature if supported by kernel module parameters.
Add 'ufs_qcom.esi=0' to kernel boot parameters or module options
🧯 If You Can't Patch
- Ensure systems are not using Qualcomm UFS hardware with MCQ enabled
- Monitor system logs for kernel panic messages related to UFS initialization failures
🔍 How to Verify
Check if Vulnerable:
Check if kernel version is between vulnerable commit e46a28cea29a and the fix commits. Use 'uname -r' and examine kernel changelog.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits 6300d5c5438724c0876828da2f6e2c1a661871fc and aaf17a35a59572c8b29372883619c3dbb0ebb50a. Check dmesg for successful UFS initialization.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'NULL pointer dereference' in ufs_qcom_config_esi
- UFS initialization failure logs
- System crash during boot with UFS-related call traces
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
Search for kernel panic events with message containing 'ufs_qcom_config_esi' or 'NULL pointer dereference' in system logs
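The log indicators above can be checked offline against saved dmesg or journal output. The following is an added example, not part of the original advisory or the kernel project: it flags only oops reports where 'NULL pointer dereference' and a 'ufs_qcom_config_esi' frame appear in the same report, which is narrower than matching either string alone, and it also handles a log cut off by the crash. The function name, the sample log, its oops layout and the offsets are constructed assumptions.

```python
import re

# Constructed sample kernel log (not captured from a real system); the oops
# layout, addresses, offsets and the caller frame names are illustrative.
SAMPLE_LOG = """\
[    2.104511] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[    2.104560] Call trace:
[    2.104570]  ufs_qcom_config_esi+0x1a4/0x2c0
[    2.104580]  hypothetical_caller+0x90/0x3f0
[    2.104600] ---[ end trace 0000000000000000 ]---
[   45.300100] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[   45.300140] Call trace:
[   45.300150]  some_other_driver_probe+0x40/0x100
[   45.300170] ---[ end trace 0000000000000000 ]---
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")   # dmesg "[ seconds] message"

def find_ufs_esi_oopses(log_text, symbol="ufs_qcom_config_esi"):
    """Return [(timestamp, matching_frames)] for oops reports with both indicators."""
    in_symbol = re.compile(r"\b" + re.escape(symbol) + r"\+0x")
    hits, report = [], None

    def close(rep):
        frames = [l for l in rep["lines"] if in_symbol.search(l)]
        if frames:
            hits.append((rep["ts"], frames))

    for raw in log_text.splitlines():
        m = LINE.match(raw)
        ts, msg = (float(m.group(1)), m.group(2).strip()) if m else (None, raw.strip())
        if "NULL pointer dereference" in msg:
            if report:                 # previous report never reached its end marker
                close(report)
            report = {"ts": ts, "lines": []}
        if report is None:
            continue                   # ignore lines outside any oops report
        report["lines"].append(msg)
        if msg.startswith("---[ end trace"):
            close(report)
            report = None
    if report:                         # log was cut off by the crash itself
        close(report)
    return hits

if __name__ == "__main__":
    for ts, frames in find_ufs_esi_oopses(SAMPLE_LOG):
        print(f"{ts:.6f}s: {frames}")
```

To scan a real system, pass the text of a saved kernel log to the function instead of the sample.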