{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38439","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.016Z","datePublished":"2025-07-25T15:27:18.640Z","dateUpdated":"2026-05-11T21:28:00.832Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:28:00.832Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Set DMA unmap len correctly for XDP_REDIRECT\n\nWhen transmitting an XDP_REDIRECT packet, call dma_unmap_len_set()\nwith the proper length instead of 0.  This bug triggers this warning\non a system with IOMMU enabled:\n\nWARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170\nRIP: 0010:__iommu_dma_unmap+0x159/0x170\nCode: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45\nb8 4c 89 45 c0 e9 77 ff ff ff <0f> 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00\nRSP: 0018:ff22d31181150c88 EFLAGS: 00010206\nRAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000\nR10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000\nR13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00\nFS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0\nPKRU: 55555554\nCall Trace:\n<IRQ>\n? show_regs+0x6d/0x80\n? __warn+0x89/0x160\n? __iommu_dma_unmap+0x159/0x170\n? report_bug+0x17e/0x1b0\n? handle_bug+0x46/0x90\n? exc_invalid_op+0x18/0x80\n? asm_exc_invalid_op+0x1b/0x20\n? __iommu_dma_unmap+0x159/0x170\n? __iommu_dma_unmap+0xb3/0x170\niommu_dma_unmap_page+0x4f/0x100\ndma_unmap_page_attrs+0x52/0x220\n? srso_alias_return_thunk+0x5/0xfbef5\n? xdp_return_frame+0x2e/0xd0\nbnxt_tx_int_xdp+0xdf/0x440 [bnxt_en]\n__bnxt_poll_work_done+0x81/0x1e0 [bnxt_en]\nbnxt_poll+0xd3/0x1e0 [bnxt_en]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c"],"versions":[{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"e260f4d49370c85a4701d43c6d16b8c39f8b605f","status":"affected","versionType":"git"},{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"16ae306602163fcb7ae83f2701b542e43c100cee","status":"affected","versionType":"git"},{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"8d672a1a6bfc81fef9151925c9c0481f4acf4bec","status":"affected","versionType":"git"},{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"f9eaf6d036075dc820520e1194692c0619b7297b","status":"affected","versionType":"git"},{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"5909679a82cd74cf0343d9e3ddf4b6931aa7e613","status":"affected","versionType":"git"},{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a","status":"affected","versionType":"git"},{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"50dad9909715094e7d9ca25e9e0412b875987519","status":"affected","versionType":"git"},{"version":"f18c2b77b2e4eec2313d519ba125bd6a069513cf","lessThan":"3cdf199d4755d477972ee87110b2aebc88b3cfad","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"5.4.296","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.240","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.189","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.146","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.99","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.39","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.7","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.4.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.240"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.15.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.146"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.12.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.15.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e260f4d49370c85a4701d43c6d16b8c39f8b605f"},{"url":"https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee"},{"url":"https://git.kernel.org/stable/c/8d672a1a6bfc81fef9151925c9c0481f4acf4bec"},{"url":"https://git.kernel.org/stable/c/f9eaf6d036075dc820520e1194692c0619b7297b"},{"url":"https://git.kernel.org/stable/c/5909679a82cd74cf0343d9e3ddf4b6931aa7e613"},{"url":"https://git.kernel.org/stable/c/f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a"},{"url":"https://git.kernel.org/stable/c/50dad9909715094e7d9ca25e9e0412b875987519"},{"url":"https://git.kernel.org/stable/c/3cdf199d4755d477972ee87110b2aebc88b3cfad"}],"title":"bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:38:02.718Z"}}]}}