{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68220","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T13:41:40.257Z","datePublished":"2025-12-16T13:57:14.142Z","dateUpdated":"2026-05-11T21:49:02.647Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:49:02.647Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error\n\nMake knav_dma_open_channel consistently return NULL on error instead\nof ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h\nreturns NULL when the driver is disabled, but the driver\nimplementation does not even return NULL or ERR_PTR on failure,\ncausing inconsistency in the users. This results in a crash in\nnetcp_free_navigator_resources as followed (trimmed):\n\nUnhandled fault: alignment exception (0x221) at 0xfffffff2\n[fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000\nInternal error: : 221 [#1] SMP ARM\nModules linked in:\nCPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc7 #1 NONE\nHardware name: Keystone\nPC is at knav_dma_close_channel+0x30/0x19c\nLR is at netcp_free_navigator_resources+0x2c/0x28c\n\n[... TRIM...]\n\nCall trace:\n knav_dma_close_channel from netcp_free_navigator_resources+0x2c/0x28c\n netcp_free_navigator_resources from netcp_ndo_open+0x430/0x46c\n netcp_ndo_open from __dev_open+0x114/0x29c\n __dev_open from __dev_change_flags+0x190/0x208\n __dev_change_flags from netif_change_flags+0x1c/0x58\n netif_change_flags from dev_change_flags+0x38/0xa0\n dev_change_flags from ip_auto_config+0x2c4/0x11f0\n ip_auto_config from do_one_initcall+0x58/0x200\n do_one_initcall from kernel_init_freeable+0x1cc/0x238\n kernel_init_freeable from kernel_init+0x1c/0x12c\n kernel_init from ret_from_fork+0x14/0x38\n[... TRIM...]\n\nStandardize the error handling by making the function return NULL on\nall error conditions. The API is used in just the netcp_core.c so the\nimpact is limited.\n\nNote, this change, in effect reverts commit 5b6cb43b4d62 (\"net:\nethernet: ti: netcp_core: return error while dma channel open issue\"),\nbut provides a less error prone implementation."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/ti/netcp_core.c","drivers/soc/ti/knav_dma.c"],"versions":[{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"af6b10a13fc0aee37df4a8292414cc055c263fa3","status":"affected","versionType":"git"},{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"8427218ecbd7f8559c37972e66cb0fa06e82353b","status":"affected","versionType":"git"},{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"3afeb909c3e2e0eb19b1e20506196e5f2d9c2259","status":"affected","versionType":"git"},{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"2572c358ee434ce4b994472cceeb4043cbff5bc5","status":"affected","versionType":"git"},{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"952637c5b9be64539cd0e13ef88db71a1df46373","status":"affected","versionType":"git"},{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"fbb53727ca789a8d27052aab4b77ca9e2a0fae2b","status":"affected","versionType":"git"},{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"f9608637ecc165d7d6341df105aee44691461fb9","status":"affected","versionType":"git"},{"version":"88139ed030583557751e279968e13e892ae10825","lessThan":"90a88306eb874fe4bbdd860e6c9787f5bbc588b5","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/ti/netcp_core.c","drivers/soc/ti/knav_dma.c"],"versions":[{"version":"3.18","status":"affected"},{"version":"0","lessThan":"3.18","status":"unaffected","versionType":"semver"},{"version":"5.4.302","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.247","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.197","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.118","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.60","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.10","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.4.302"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.10.247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.15.197"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.6.118"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.12.60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.17.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/af6b10a13fc0aee37df4a8292414cc055c263fa3"},{"url":"https://git.kernel.org/stable/c/8427218ecbd7f8559c37972e66cb0fa06e82353b"},{"url":"https://git.kernel.org/stable/c/3afeb909c3e2e0eb19b1e20506196e5f2d9c2259"},{"url":"https://git.kernel.org/stable/c/2572c358ee434ce4b994472cceeb4043cbff5bc5"},{"url":"https://git.kernel.org/stable/c/952637c5b9be64539cd0e13ef88db71a1df46373"},{"url":"https://git.kernel.org/stable/c/fbb53727ca789a8d27052aab4b77ca9e2a0fae2b"},{"url":"https://git.kernel.org/stable/c/f9608637ecc165d7d6341df105aee44691461fb9"},{"url":"https://git.kernel.org/stable/c/90a88306eb874fe4bbdd860e6c9787f5bbc588b5"}],"title":"net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error","x_generator":{"engine":"bippy-1.2.0"}}}}