CVE-2025-39907
📋 TL;DR
A DMA mapping vulnerability in the Linux kernel's STM32 FMC2 NAND controller driver causes overlapping memory mappings when handling ECC buffers, triggering kernel warnings and potential system instability. This affects Linux systems using STM32 processors with the FMC2 NAND controller. The issue occurs during NAND flash operations and can lead to system crashes or unpredictable behavior.
💻 Affected Systems
- Linux kernel with STM32 FMC2 NAND controller driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System crash or kernel panic during NAND flash operations, potentially causing data corruption or system instability.
Likely Case
Kernel warning messages and potential performance degradation during NAND operations, with possible system instability under heavy I/O load.
If Mitigated
Minor performance impact with warning messages in kernel logs, but system remains operational.
🎯 Exploit Status
This appears to be a stability/performance issue rather than a security vulnerability with traditional exploitation vectors. The main risk is system instability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 06d8ef8f853752fea88c8d5bb093a40e71b330cf, 26adba1e7d7924174e15a3ba4b1132990786300b, 513c40e59d5a414ab763a9c84797534b5e8c208d, 75686c49574dd5f171ca682c18717787f1d8d55e, dc1c6e60993b93b87604eb11266ac72e1a3be9e0
Vendor Advisory: https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb093a40e71b330cf
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable STM32 FMC2 NAND controller
linuxDisable the vulnerable driver if NAND storage is not required
echo 'blacklist stm32_fmc2_nfc' >> /etc/modprobe.d/blacklist.conf
rmmod stm32_fmc2_nfc
🧯 If You Can't Patch
- Monitor kernel logs for DMA-API warnings related to stm32_fmc2_nfc
- Avoid heavy NAND flash operations on affected systems
🔍 How to Verify
Check if Vulnerable:
Check kernel logs for 'DMA-API: stm32_fmc2_nfc' warnings or check if stm32_fmc2_nfc module is loaded: lsmod | grep stm32_fmc2_nfcCheck Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commits or verify no DMA-API warnings appear in logs during NAND operations📡 Detection & Monitoring
Log Indicators:
- DMA-API: stm32_fmc2_nfc: cacheline tracking EEXIST
- WARNING: CPU: at kernel/dma/debug.c:568 add_dma_entry
Network Indicators:
- None - this is a local driver issue
SIEM Query:
source="kernel" AND "stm32_fmc2_nfc" AND "DMA-API"🔗 References
- https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb093a40e71b330cf
- https://git.kernel.org/stable/c/26adba1e7d7924174e15a3ba4b1132990786300b
- https://git.kernel.org/stable/c/513c40e59d5a414ab763a9c84797534b5e8c208d
- https://git.kernel.org/stable/c/75686c49574dd5f171ca682c18717787f1d8d55e
- https://git.kernel.org/stable/c/dc1c6e60993b93b87604eb11266ac72e1a3be9e0
- https://git.kernel.org/stable/c/dfe2ac47a6ee0ab50393694517c54ef1e276dda3
- https://git.kernel.org/stable/c/e32a2ea52b51368774d014e5bcd9b86110a2b727
- https://git.kernel.org/stable/c/f6fd98d961fa6f97347cead4f08ed862cbbb91ff
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
