CVE-2025-37837: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()

Two WARNINGs are observed when SMMU driver rolls back upon failure:

    arm-smmu-v3.9.auto: Failed to register iommu
    arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed with error -22
    ------------[ cut here ]------------
    WARNING: CPU: 5 PID: 1 at kernel/dma/mapping.c:74 dmam_free_coherent+0xc0/0xd8
    Call trace:
     dmam_free_coherent+0xc0/0xd8 (P)
     tegra241_vintf_free_lvcmdq+0x74/0x188
     tegra241_cmdqv_remove_vintf+0x60/0x148
     tegra241_cmdqv_remove+0x48/0xc8
     arm_smmu_impl_remove+0x28/0x60
     devm_action_release+0x1c/0x40
    ------------[ cut here ]------------
    128 pages are still in use!
    WARNING: CPU: 16 PID: 1 at mm/page_alloc.c:6902 free_contig_range+0x18c/0x1c8
    Call trace:
     free_contig_range+0x18c/0x1c8 (P)
     cma_release+0x154/0x2f0
     dma_free_contiguous+0x38/0xa0
     dma_direct_free+0x10c/0x248
     dma_free_attrs+0x100/0x290
     dmam_free_coherent+0x78/0xd8
     tegra241_vintf_free_lvcmdq+0x74/0x160
     tegra241_cmdqv_remove+0x98/0x198
     arm_smmu_impl_remove+0x28/0x60
     devm_action_release+0x1c/0x40

This is because the LVCMDQ queue memory are managed by devres, while that dmam_free_coherent() is called in the context of devm_action_release().

Jason pointed out that "arm_smmu_impl_probe() has mis-ordered the devres callbacks if ops->device_remove() is going to be manually freeing things that probe allocated":
https://lore.kernel.org/linux-iommu/20250407174408.GB1722458@nvidia.com/

In fact, tegra241_cmdqv_init_structures() only allocates memory resources which means any failure that it generates would be similar to -ENOMEM, so there is no point in having that "falling back to standard SMMU" routine, as the standard SMMU would likely fail to allocate memory too.

Remove the unwind part in tegra241_cmdqv_init_structures(), and return a proper error code to ask SMMU driver to call tegra241_cmdqv_remove() via impl_ops->device_remove().

Then, drop tegra241_vintf_free_lvcmdq() since devres will take care of that.
AI Analysis
Technical Summary
CVE-2025-37837 is a vulnerability in the Linux kernel's IOMMU (Input-Output Memory Management Unit) driver implementation for the Tegra241 platform, which is an NVIDIA SoC (System on Chip) commonly used in embedded systems. The issue arises from improper handling of memory resources during error conditions in the arm-smmu-v3 driver (the failing device appears in the log as arm-smmu-v3.9.auto), which manages the System Memory Management Unit (SMMU) for ARM architectures.

The vulnerability manifests as warnings and potential memory leaks when the SMMU driver attempts to roll back operations after a failure, particularly due to misordered devres (device resource) callbacks in the arm_smmu_impl_probe() function. This misordering leads to dmam_free_coherent() being called in the context of devm_action_release(), causing warnings and 128 pages of memory remaining allocated, indicating a resource leak. The root cause is that the tegra241_cmdqv_init_structures() function allocates memory resources but incorrectly attempts to fall back to a standard SMMU routine upon failure, which is ineffective since the fallback would likely fail similarly.

The fix removes this fallback unwind logic and returns a proper error code so that the SMMU driver can correctly invoke tegra241_cmdqv_remove() to release resources. Additionally, the redundant tegra241_vintf_free_lvcmdq() function is dropped because devres will handle resource cleanup.

Although this vulnerability does not appear to be exploitable for remote code execution or privilege escalation, it can cause kernel warnings, resource leaks, and potential instability or denial of service in affected systems due to improper memory management in the kernel's DMA subsystem for Tegra241 devices. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2025-37837 primarily concerns embedded systems and devices running Linux kernels on NVIDIA Tegra241 platforms, which are often used in automotive, industrial control, and IoT applications. The vulnerability could lead to kernel instability, memory leaks, and potential denial of service conditions if the SMMU driver fails to properly release memory resources during error handling. This could affect the reliability and availability of critical systems, especially in sectors like automotive manufacturing, industrial automation, and telecommunications where Tegra-based embedded devices are deployed. While it does not directly lead to data breaches or privilege escalation, the resulting system instability could disrupt operations, cause unexpected reboots, or degrade performance. European organizations relying on such embedded Linux systems should be aware of this vulnerability to maintain system stability and avoid operational disruptions. Since the issue is related to low-level kernel memory management, it may also complicate forensic analysis or incident response if triggered.
Mitigation Recommendations
To mitigate CVE-2025-37837, organizations should:
1) Apply the official Linux kernel patches that address the misordering of devres callbacks and remove the faulty fallback logic in the tegra241_cmdqv_init_structures() function.
2) Ensure that all embedded devices using NVIDIA Tegra241 SoCs are running updated kernel versions that include this fix.
3) Conduct thorough testing of kernel updates in controlled environments before deployment to verify stability and absence of regressions.
4) Monitor kernel logs for warnings related to dmam_free_coherent() and arm-smmu-v3.9.auto errors to detect potential issues early.
5) Collaborate with device vendors and embedded system integrators to confirm that firmware and kernel versions are up to date.
6) Implement robust system monitoring and alerting to detect abnormal memory usage or kernel warnings indicative of this issue.
7) For critical systems, consider fallback or redundancy mechanisms to maintain availability in case of kernel instability.
These steps go beyond generic advice by focusing on embedded Linux systems with Tegra241 hardware, emphasizing patch management, monitoring, and vendor coordination.
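One way to implement the log monitoring in step 4, as an added example that is not part of the advisory or the kernel patch: it splits a kernel log into WARNING blocks and flags those whose call trace reaches dmam_free_coherent() from inside devm_action_release() through a tegra241_* frame. The names `traces`, `manual_free_in_devres_release` and `scan` are assumptions, and the sample log is constructed from the excerpt above (traces abridged, third warning made up).

```python
import re

CUT = "------------[ cut here ]------------"
# One call-trace frame, e.g. " dmam_free_coherent+0xc0/0xd8 (P)"; a dmesg timestamp is optional.
FRAME = re.compile(r"^\s*(?:\[[^\]]*\]\s*)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
PROBE_FAIL = re.compile(r"probe with driver arm-smmu-v3 failed with error (-?\d+)")

# Constructed sample: abridged copies of the two advisory traces plus an unrelated, made-up warning.
SAMPLE_LOG = """\
arm-smmu-v3.9.auto: Failed to register iommu
arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed with error -22
------------[ cut here ]------------
WARNING: CPU: 5 PID: 1 at kernel/dma/mapping.c:74 dmam_free_coherent+0xc0/0xd8
Call trace:
 dmam_free_coherent+0xc0/0xd8 (P)
 tegra241_vintf_free_lvcmdq+0x74/0x188
 tegra241_cmdqv_remove+0x48/0xc8
 devm_action_release+0x1c/0x40
------------[ cut here ]------------
128 pages are still in use!
WARNING: CPU: 16 PID: 1 at mm/page_alloc.c:6902 free_contig_range+0x18c/0x1c8
Call trace:
 free_contig_range+0x18c/0x1c8 (P)
 dmam_free_coherent+0x78/0xd8
 tegra241_vintf_free_lvcmdq+0x74/0x160
 devm_action_release+0x1c/0x40
------------[ cut here ]------------
WARNING: CPU: 2 PID: 77 at drivers/example/foo.c:10 example_fn+0x10/0x20
Call trace:
 example_fn+0x10/0x20 (P)
"""

def traces(log):
    """Yield the list of frame symbols (innermost first) for each 'cut here' block."""
    for chunk in log.split(CUT)[1:]:
        tail = chunk.partition("Call trace:")[2]
        frames = []
        for line in tail.splitlines()[1:]:
            m = FRAME.match(line)
            if not m:
                break  # first non-frame line ends the trace
            frames.append(m.group(1))
        yield frames

def manual_free_in_devres_release(frames):
    """True if dmam_free_coherent() runs beneath devm_action_release() via tegra241 code."""
    if "dmam_free_coherent" not in frames or "devm_action_release" not in frames:
        return False
    nested = frames.index("dmam_free_coherent") < frames.index("devm_action_release")
    return nested and any(f.startswith("tegra241_") for f in frames)

def scan(log):
    """Return probe error codes and the top frame of every matching WARNING."""
    hits = [f[0] for f in traces(log) if manual_free_in_devres_release(f)]
    return {"probe_errors": [int(e) for e in PROBE_FAIL.findall(log)], "suspect_warnings": hits}
```

Feed `scan()` the text of `dmesg` or a journal export; a non-empty `suspect_warnings` list on a Tegra241 system indicates a kernel that still lacks the fix.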
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-04-16T04:51:23.952Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9818c4522896dcbd7c18
Added to database: 5/21/2025, 9:08:40 AM
Last enriched: 7/4/2025, 12:12:44 AM
Last updated: 8/17/2025, 12:59:29 AM