CVE-2025-40317

Published: Dic 08, 2025 Last Modified: Dic 08, 2025
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

regmap: slimbus: fix bus_context pointer in regmap init calls

Commit 4e65bda8273c ('ASoC: wcd934x: fix error handling in
wcd934x_codec_parse_data()') revealed the problem in the slimbus regmap.
That commit breaks audio playback, for instance, on sdm845 Thundercomm
Dragonboard 845c board:

Unable to handle kernel paging request at virtual address ffff8000847cbad4
...
CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT
Hardware name: Thundercomm Dragonboard 845c (DT)
...
Call trace:
slim_xfer_msg+0x24/0x1ac [slimbus] (P)
slim_read+0x48/0x74 [slimbus]
regmap_slimbus_read+0x18/0x24 [regmap_slimbus]
_regmap_raw_read+0xe8/0x174
_regmap_bus_read+0x44/0x80
_regmap_read+0x60/0xd8
_regmap_update_bits+0xf4/0x140
_regmap_select_page+0xa8/0x124
_regmap_raw_write_impl+0x3b8/0x65c
_regmap_bus_raw_write+0x60/0x80
_regmap_write+0x58/0xc0
regmap_write+0x4c/0x80
wcd934x_hw_params+0x494/0x8b8 [snd_soc_wcd934x]
snd_soc_dai_hw_params+0x3c/0x7c [snd_soc_core]
__soc_pcm_hw_params+0x22c/0x634 [snd_soc_core]
dpcm_be_dai_hw_params+0x1d4/0x38c [snd_soc_core]
dpcm_fe_dai_hw_params+0x9c/0x17c [snd_soc_core]
snd_pcm_hw_params+0x124/0x464 [snd_pcm]
snd_pcm_common_ioctl+0x110c/0x1820 [snd_pcm]
snd_pcm_ioctl+0x34/0x4c [snd_pcm]
__arm64_sys_ioctl+0xac/0x104
invoke_syscall+0x48/0x104
el0_svc_common.constprop.0+0x40/0xe0
do_el0_svc+0x1c/0x28
el0_svc+0x34/0xec
el0t_64_sync_handler+0xa0/0xf0
el0t_64_sync+0x198/0x19c

The __devm_regmap_init_slimbus() started to be used instead of
__regmap_init_slimbus() after the commit mentioned above and turns out
the incorrect bus_context pointer (3rd argument) was used in
__devm_regmap_init_slimbus(). It should be just 'slimbus' (which is equal
to &slimbus->dev). Correct it. The wcd934x codec seems to be the only or
the first user of devm_regmap_init_slimbus() but we should fix it till
the point where __devm_regmap_init_slimbus() was introduced therefore
two 'Fixes' tags.

While at this, also correct the same argument in __regmap_init_slimbus().

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0002
Percentile
0,1th
Updated

EPSS Score Trend (Last 2 Days)

https://git.kernel.org/stable/c/02d3041caaa3fe4dd69e5a8afd1…
https://git.kernel.org/stable/c/02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1
https://git.kernel.org/stable/c/2664bfd8969d1c43dcbe3ea313f…
https://git.kernel.org/stable/c/2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c
https://git.kernel.org/stable/c/434f7349a1f00618a620b316f09…
https://git.kernel.org/stable/c/434f7349a1f00618a620b316f091bd13a12bc8d2
https://git.kernel.org/stable/c/8143e4075d131c528540417a519…
https://git.kernel.org/stable/c/8143e4075d131c528540417a51966f6697be14eb
https://git.kernel.org/stable/c/a16e92f8d7dc7371e68f17a9926…
https://git.kernel.org/stable/c/a16e92f8d7dc7371e68f17a9926cb92d2244be7b
https://git.kernel.org/stable/c/b65f3303349eaee333e47d2a990…
https://git.kernel.org/stable/c/b65f3303349eaee333e47d2a99045aa12fa0c3a7
https://git.kernel.org/stable/c/c0f05129e5734ff3fd14b2c2427…
https://git.kernel.org/stable/c/c0f05129e5734ff3fd14b2c242709314d9ca5433
https://git.kernel.org/stable/c/d979639f099c6e51f06ce4dd8d8…
https://git.kernel.org/stable/c/d979639f099c6e51f06ce4dd8d8e56364d6c17ba