Security tracker / CVE-2025-40032

CVE-2025-40032

PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 8353813c88ef ("PCI: endpoint: Enable DMA tests for endpoints with
 carnil> DMA capabilities")
 carnil> 5ebf3fc59bd2 ("PCI: endpoint: functions/pci-epf-test: Add DMA support to
 carnil> transfer data"). Vulnerable versions: 5.7.

Bugs

Status

Branch	Status
upstream	released (6.18-rc1) [85afa9ea122dd9d4a2ead104a951d318975dcd25]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	released (6.17.3) [57f7fb0d1ac28540c0f6405c829bb9c3b89d8dba]
6.12-upstream-stable	released (6.12.54) [fb54ffd60064c4e5139a3eb216e877b1acae1c8b]
6.6-upstream-stable	released (6.6.113) [0c5ce6b6ccc22d486cc7239ed908cb0ae5363a7b]
6.1-upstream-stable	released (6.1.157) [6411f840a9b5c47c00ca8e004733de232553870d]
5.10-upstream-stable	needed
sid	released (6.17.6-1)
6.12-trixie-security	released (6.12.57-1)
6.1-bookworm-security	released (6.1.158-1)
5.10-bullseye-security	needed