CVE-2025-39923

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the Qualcomm BAM DMA driver allows early boot crashes when device tree configurations are missing required properties. This affects Linux systems using Qualcomm SoCs with improperly configured device trees, particularly those with crypto engine BAM instances.

💻 Affected Systems

Products:
  • Linux kernel with qcom-bam-dma driver
Versions: Linux kernel versions containing the vulnerable driver code prior to fixes
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using Qualcomm SoCs with BAM DMA and device trees missing required 'num-channels' or 'clock' properties, particularly affecting crypto engine BAM instances.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

System fails to boot completely, causing denial of service and requiring physical intervention to recover.

🟠 Likely Case

Early boot crashes on systems with malformed device tree configurations, preventing normal system startup.

🟢 If Mitigated

Properly configured systems with correct device tree properties are unaffected.

🌐 Internet-Facing: LOW - This is a boot-time vulnerability that requires local system configuration issues.
🏢 Internal Only: MEDIUM - Affects internal systems with specific Qualcomm hardware and malformed device trees.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires malformed device tree configuration, not remote code execution. The vulnerability manifests as boot crashes rather than traditional exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 0ff9df758af7022d749718fb6b8385cc5693acf3 or later

Vendor Advisory: https://git.kernel.org/stable/c/0ff9df758af7022d749718fb6b8385cc5693acf3

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commit.
2. Update device tree configurations to include required 'num-channels' property for BAM instances without clocks.
3. Reboot system.

🔧 Temporary Workarounds

Fix device tree configurations (Linux)

Ensure all BAM DMA device tree nodes include the required 'num-channels' property when the 'clock' property is missing.

Edit the device tree source files to add `num-channels = <N>;` where N is the appropriate channel count.

🧯 If You Can't Patch

  • Ensure all device tree configurations for BAM DMA include proper 'num-channels' property
  • Disable crypto engine BAM instances in device tree if they cannot be properly configured

🔍 How to Verify

Check if Vulnerable:

Check if system uses Qualcomm SoC with BAM DMA and examine device tree for missing 'num-channels' property in BAM nodes without clocks
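
One way to run this check against the live device tree, as an added example that is not part of the original advisory or the kernel project. It assumes the tree is exposed at /proc/device-tree, that BAM nodes carry a compatible string beginning `qcom,bam-v`, and that the clock property uses the standard name `clocks`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list enabled BAM DMA nodes that have neither a clock nor
# 'num-channels', the combination the advisory describes as unsafe.
# Assumptions (not from the advisory): live tree at /proc/device-tree,
# BAM compatible strings start with "qcom,bam-v", clock property is 'clocks'.

# prop_has NODE PROP PATTERN
# True if the NUL-separated string property PROP of NODE has a line
# matching PATTERN.
prop_has() {
    [ -f "$1/$2" ] && tr '\0' '\n' < "$1/$2" | grep -q "$3"
}

# find_risky_bam_nodes [ROOT]
# Prints one node path per line for every flagged BAM node under ROOT.
find_risky_bam_nodes() {
    root=${1:-/proc/device-tree}
    # -H follows ROOT itself when it is a symlink (as /proc/device-tree is).
    find -H "$root" -type f -name compatible 2>/dev/null |
    while IFS= read -r f; do
        node=$(dirname "$f")
        prop_has "$node" compatible '^qcom,bam-v' || continue
        # Nodes disabled in the device tree are not probed by the driver.
        prop_has "$node" status '^disabled$' && continue
        # Per the advisory, only nodes without a clock need 'num-channels'.
        [ -e "$node/clocks" ] && continue
        [ -e "$node/num-channels" ] && continue
        printf '%s\n' "$node"
    done
}

# When run as a script: scan the given root, or the live tree by default.
find_risky_bam_nodes "$@"
```

Any path it prints is a BAM node to fix in the device tree source or disable before booting a kernel that contains the fix.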

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commit and verify device tree has proper 'num-channels' properties

📡 Detection & Monitoring

Log Indicators:

  • Early boot crashes
  • Kernel panic messages related to BAM DMA
  • Device tree parsing errors

Network Indicators:

  • None - this is a local boot issue

SIEM Query:

Search for kernel panic logs containing 'bam_dma', 'qcom', or DMA-related error messages during boot
