NVD

CVE-2025-39907 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Avoid below overlapping mappings by using a contiguous non-cacheable buffer. [ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST, overlapping mappings aren't supported [ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300 [ 4.097071] Modules linked in: [ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1 [ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT) [ 4.118824] Workqueue: events_unbound deferred_probe_work_func [ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.131624] pc : add_dma_entry+0x23c/0x300 [ 4.135658] lr : add_dma_entry+0x23c/0x300 [ 4.139792] sp : ffff800009dbb490 [ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000 [ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8 [ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20 [ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006 [ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e [ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec [ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58 [ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000 [ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000 [ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40 [ 4.214185] Call trace: [ 4.216605] add_dma_entry+0x23c/0x300 [ 4.220338] debug_dma_map_sg+0x198/0x350 [ 4.224373] __dma_map_sg_attrs+0xa0/0x110 [ 4.228411] dma_map_sg_attrs+0x10/0x2c [ 4.232247] stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc [ 4.237088] stm32_fmc2_nfc_seq_read_page+0xc8/0x174 [ 4.242127] nand_read_oob+0x1d4/0x8e0 [ 4.245861] mtd_read_oob_std+0x58/0x84 [ 4.249596] mtd_read_oob+0x90/0x150 [ 4.253231] mtd_read+0x68/0xac

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb093a40e71b330cf	kernel.org	Patch
https://git.kernel.org/stable/c/26adba1e7d7924174e15a3ba4b1132990786300b	kernel.org	Patch
https://git.kernel.org/stable/c/513c40e59d5a414ab763a9c84797534b5e8c208d	kernel.org	Patch
https://git.kernel.org/stable/c/75686c49574dd5f171ca682c18717787f1d8d55e	kernel.org	Patch
https://git.kernel.org/stable/c/dc1c6e60993b93b87604eb11266ac72e1a3be9e0	kernel.org	Patch
https://git.kernel.org/stable/c/dfe2ac47a6ee0ab50393694517c54ef1e276dda3	kernel.org	Patch
https://git.kernel.org/stable/c/e32a2ea52b51368774d014e5bcd9b86110a2b727	kernel.org	Patch
https://git.kernel.org/stable/c/f6fd98d961fa6f97347cead4f08ed862cbbb91ff	kernel.org	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	CVE	Mailing List Third Party Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Initial Analysis by NIST 1/16/2026 2:31:03 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	NVD-CWE-noinfo
Added	CPE Configuration	OR cpe:2.3:o:debian:debian_linux:11.0:::::::
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.194 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.153 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.245 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.2 up to (excluding) 6.6.107 cpe:2.3:o:linux:linux_kernel:6.17:rc1::::::* cpe:2.3:o:linux:linux_kernel:6.17:rc2::::::* cpe:2.3:o:linux:linux_kernel:6.17:rc3::::::* cpe:2.3:o:linux:linux_kernel:6.17:rc4::::::* cpe:2.3:o:linux:linux_kernel:6.17:rc5::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.13 up to (excluding) 6.16.8 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.7 up to (excluding) 6.12.48 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.1 up to (excluding) 5.4.300
Added	Reference Type	CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Types: Mailing List, Third Party Advisory
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb093a40e71b330cf Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/26adba1e7d7924174e15a3ba4b1132990786300b Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/513c40e59d5a414ab763a9c84797534b5e8c208d Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/75686c49574dd5f171ca682c18717787f1d8d55e Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/dc1c6e60993b93b87604eb11266ac72e1a3be9e0 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/dfe2ac47a6ee0ab50393694517c54ef1e276dda3 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e32a2ea52b51368774d014e5bcd9b86110a2b727 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/f6fd98d961fa6f97347cead4f08ed862cbbb91ff Types: Patch

New CVE Received from kernel.org 10/01/2025 4:15:33 AM

Action	Type	New Value
Added	Description	Record truncated, showing 2048 of 2241 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Avoid below overlapping mappings by using a contiguous non-cacheable buffer. [ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST, overlapping mappings aren't supported [ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300 [ 4.097071] Modules linked in: [ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1 [ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT) [ 4.118824] Workqueue: events_unbound deferred_probe_work_func [ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.131624] pc : add_dma_entry+0x23c/0x300 [ 4.135658] lr : add_dma_entry+0x23c/0x300 [ 4.139792] sp : ffff800009dbb490 [ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000 [ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8 [ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20 [ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006 [ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e [ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec [ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58 [ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000 [ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000 [ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40 [ 4.214185] Call trace: [ 4.216605] add_dma_entry+0x23c/0x300 [ 4.220338] debug_dma_map_sg+0x198/0x350 [ 4.224373] __dma_map_sg_attrs+0xa0/0x110 [ 4.228411] dma_map_sg_attrs+0x10/0x2c [ 4.232247] stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc [ 4.237088] stm32_
Added	Reference	https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb093a40e71b330cf
Added	Reference	https://git.kernel.org/stable/c/26adba1e7d7924174e15a3ba4b1132990786300b
Added	Reference	https://git.kernel.org/stable/c/513c40e59d5a414ab763a9c84797534b5e8c208d
Added	Reference	https://git.kernel.org/stable/c/75686c49574dd5f171ca682c18717787f1d8d55e
Added	Reference	https://git.kernel.org/stable/c/f6fd98d961fa6f97347cead4f08ed862cbbb91ff

Quick Info

CVE Dictionary Entry:
CVE-2025-39907
NVD Published Date:
10/01/2025
NVD Last Modified:
01/16/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2025-39907 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 1/16/2026 2:31:03 PM

CVE Modified by CVE 11/03/2025 1:16:52 PM

CVE Modified by kernel.org 10/02/2025 10:15:44 AM

New CVE Received from kernel.org 10/01/2025 4:15:33 AM

Quick Info