
CVE-2025-37840: Vulnerability in the Linux kernel (vendor: Linux, product: Linux)

Medium
Published: Fri May 09 2025 (05/09/2025, 06:41:50 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: brcmnand: fix PM resume warning

Fixed warning on PM resume as shown below caused due to uninitialized struct nand_operation that checks chip select field:

WARN_ON(op->cs >= nanddev_ntargets(&chip->base))

[ 14.588522] ------------[ cut here ]------------
[ 14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8
[ 14.588553] Modules linked in: bdc udc_core
[ 14.588579] CPU: 0 UID: 0 PID: 1392 Comm: rtcwake Tainted: G W 6.14.0-rc4-g5394eea10651 #16
[ 14.588590] Tainted: [W]=WARN
[ 14.588593] Hardware name: Broadcom STB (Flattened Device Tree)
[ 14.588598] Call trace:
[ 14.588604] dump_backtrace from show_stack+0x18/0x1c
[ 14.588622] r7:00000009 r6:0000008b r5:60000153 r4:c0fa558c
[ 14.588625] show_stack from dump_stack_lvl+0x70/0x7c
[ 14.588639] dump_stack_lvl from dump_stack+0x18/0x1c
[ 14.588653] r5:c08d40b0 r4:c1003cb0
[ 14.588656] dump_stack from __warn+0x84/0xe4
[ 14.588668] __warn from warn_slowpath_fmt+0x18c/0x194
[ 14.588678] r7:c08d40b0 r6:c1003cb0 r5:00000000 r4:00000000
[ 14.588681] warn_slowpath_fmt from nand_reset_op+0x1e0/0x1f8
[ 14.588695] r8:70c40dff r7:89705f41 r6:36b4a597 r5:c26c9444 r4:c26b0048
[ 14.588697] nand_reset_op from brcmnand_resume+0x13c/0x150
[ 14.588714] r9:00000000 r8:00000000 r7:c24f8010 r6:c228a3f8 r5:c26c94bc r4:c26b0040
[ 14.588717] brcmnand_resume from platform_pm_resume+0x34/0x54
[ 14.588735] r5:00000010 r4:c0840a50
[ 14.588738] platform_pm_resume from dpm_run_callback+0x5c/0x14c
[ 14.588757] dpm_run_callback from device_resume+0xc0/0x324
[ 14.588776] r9:c24f8054 r8:c24f80a0 r7:00000000 r6:00000000 r5:00000010 r4:c24f8010
[ 14.588779] device_resume from dpm_resume+0x130/0x160
[ 14.588799] r9:c22539e4 r8:00000010 r7:c22bebb0 r6:c24f8010 r5:c22539dc r4:c22539b0
[ 14.588802] dpm_resume from dpm_resume_end+0x14/0x20
[ 14.588822] r10:c2204e40 r9:00000000 r8:c228a3fc r7:00000000 r6:00000003 r5:c228a414
[ 14.588826] r4:00000010
[ 14.588828] dpm_resume_end from suspend_devices_and_enter+0x274/0x6f8
[ 14.588848] r5:c228a414 r4:00000000
[ 14.588851] suspend_devices_and_enter from pm_suspend+0x228/0x2bc
[ 14.588868] r10:c3502910 r9:c3501f40 r8:00000004 r7:c228a438 r6:c0f95e18 r5:00000000
[ 14.588871] r4:00000003
[ 14.588874] pm_suspend from state_store+0x74/0xd0
[ 14.588889] r7:c228a438 r6:c0f934c8 r5:00000003 r4:00000003
[ 14.588892] state_store from kobj_attr_store+0x1c/0x28
[ 14.588913] r9:00000000 r8:00000000 r7:f09f9f08 r6:00000004 r5:c3502900 r4:c0283250
[ 14.588916] kobj_attr_store from sysfs_kf_write+0x40/0x4c
[ 14.588936] r5:c3502900 r4:c0d92a48
[ 14.588939] sysfs_kf_write from kernfs_fop_write_iter+0x104/0x1f0
[ 14.588956] r5:c3502900 r4:c3501f40
[ 14.588960] kernfs_fop_write_iter from vfs_write+0x250/0x420
[ 14.588980] r10:c0e14b48 r9:00000000 r8:c25f5780 r7:00443398 r6:f09f9f68 r5:c34f7f00
[ 14.588983] r4:c042a88c
[ 14.588987] vfs_write from ksys_write+0x74/0xe4
[ 14.589005] r10:00000004 r9:c25f5780 r8:c02002fA0 r7:00000000 r6:00000000 r5:c34f7f00
[ 14.589008] r4:c34f7f00
[ 14.589011] ksys_write from sys_write+0x10/0x14
[ 14.589029] r7:00000004 r6:004421c0 r5:00443398 r4:00000004
[ 14.589032] sys_write from ret_fast_syscall+0x0/0x5c
[ 14.589044] Exception stack(0xf09f9fa8 to 0xf09f9ff0)
[ 14.589050] 9fa0: 00000004 00443398 00000004 00443398 00000004 00000001
[ 14.589056] 9fc0: 00000004 00443398 004421c0 00000004 b6ecbd58 00000008 bebfbc38 0043eb78
[ 14.589062] 9fe0: 00440eb0 bebfbaf8 b6de18a0 b6e579e8
[ 14.589065] ---[ end trace 0000000000000000 ]---

The fix uses the higher level nand_reset(chip, chipnr); where chipnr = 0, when doing PM resume operation in compliance with the controller support for single die nand chip. Switching from nand_reset_op() to nan ---truncated---

AI-Powered Analysis

Last updated: 07/04/2025, 00:13:12 UTC

Technical Analysis

CVE-2025-37840 is a vulnerability identified in the Linux kernel specifically affecting the raw NAND flash memory driver for Broadcom NAND controllers (brcmnand). The issue arises during the power management (PM) resume operation where an uninitialized nand_operation structure is used, leading to a warning triggered by the kernel's WARN_ON macro. This warning indicates that the chip select (cs) field in the nand_operation structure is out of bounds relative to the number of NAND targets supported by the chip. The root cause is the use of the lower-level nand_reset_op() function with an uninitialized operation structure during PM resume, which does not properly handle the chip select field. The fix involves switching to the higher-level nand_reset() function with a chip number of zero, aligning with the controller's support for single-die NAND chips and ensuring proper initialization. This correction prevents kernel warnings and potential instability during resume from suspend states. Although the vulnerability primarily manifests as a kernel warning, it indicates improper handling of NAND operations that could potentially lead to undefined behavior or system instability on affected devices. The vulnerability affects Linux kernel versions identified by the commit hash 97d90da8a886949f09bb4754843fb0b504956ad2 and similar builds. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and specific to embedded systems or devices using Broadcom NAND controllers with Linux kernel support, particularly during power management transitions.

Potential Impact

For European organizations, the impact of CVE-2025-37840 is primarily relevant to those deploying embedded Linux systems or devices that utilize Broadcom NAND flash memory controllers, such as set-top boxes, network appliances, or IoT devices. The vulnerability could cause kernel warnings and potential instability during system resume from suspend states, which may lead to device crashes or degraded performance. This could affect operational continuity in environments relying on such embedded devices, including telecommunications infrastructure, industrial control systems, or consumer electronics. While no direct evidence suggests this vulnerability leads to privilege escalation or remote code execution, the improper handling of NAND operations during power management could be exploited in complex attack chains or cause denial of service conditions. European organizations with critical infrastructure or supply chains dependent on embedded Linux devices should be aware of this vulnerability to avoid unexpected downtime or hardware malfunctions. The lack of known exploits reduces immediate risk, but the potential for system instability warrants timely patching to maintain reliability and security compliance.

Mitigation Recommendations

To mitigate CVE-2025-37840, European organizations should:

1) Identify all embedded Linux devices and systems using Broadcom NAND controllers, particularly those running affected kernel versions.
2) Apply the official Linux kernel patches or updates that replace nand_reset_op() calls with nand_reset() during PM resume operations. If vendor-specific firmware updates are available for affected devices, deploy them promptly.
3) For custom or in-house Linux builds, integrate the patch corresponding to commit 97d90da8a886949f09bb4754843fb0b504956ad2 or later stable releases that include the fix.
4) Conduct thorough testing of power management suspend/resume cycles post-patching to ensure system stability and absence of kernel warnings.
5) Monitor kernel logs for any residual warnings related to NAND operations to detect incomplete remediation.
6) Implement device inventory and configuration management to track vulnerable systems and ensure timely updates.
7) For critical infrastructure, consider network segmentation and access controls to limit exposure of embedded devices to potential attackers.

These steps go beyond generic advice by focusing on embedded device identification, patch integration, and operational validation specific to this vulnerability.
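Steps 4 and 5 above (suspend/resume cycling, then checking the kernel log) as a script, an added example that is not part of the advisory or the kernel tree. It assumes util-linux or BusyBox rtcwake and dmesg on the device, and takes the warning signature from the trace quoted in the description; the function and file names are the author's own.

```shell
#!/bin/sh
# Added example (not from the advisory or the kernel tree): judge a post-patch
# suspend/resume test from the kernel log instead of by eye, using the warning
# signature quoted in the CVE-2025-37840 description. POSIX sh only, so it also
# runs on BusyBox-based set-top boxes and appliances.

# Print one verdict for the dmesg capture in $1 and always exit 0 (safe under
# `set -e`). The two patterns are the WARNING line raised in nand_reset_op and
# the frame showing it was reached from brcmnand_resume, both from the trace.
brcmnand_resume_verdict() {
    log="$1"
    if grep -q 'WARNING: .* at drivers/mtd/nand/raw/.* nand_reset_op' "$log" &&
       grep -q 'nand_reset_op from brcmnand_resume' "$log"; then
        echo VULNERABLE            # the exact CVE-2025-37840 resume path fired
    elif grep -q 'WARNING: .* at drivers/mtd/nand/raw/' "$log"; then
        echo OTHER_NAND_WARNING    # raw NAND core warned, but on a different path
    else
        echo CLEAN
    fi
}

# Drive $1 suspend-to-RAM cycles with rtcwake (the process named in the trace),
# then capture and judge the log. Needs root and a bench device, so it is
# defined here but deliberately not called below.
suspend_resume_check() {
    cycles="$1"
    out="${2:-/tmp/nand_resume.log}"
    dmesg -c >/dev/null       # clear the ring buffer so only new warnings count
    i=0
    while [ "$i" -lt "$cycles" ]; do
        rtcwake -m mem -s 10  # suspend; the RTC alarm wakes the box after 10 s
        i=$((i + 1))
    done
    dmesg > "$out"
    brcmnand_resume_verdict "$out"
}

# Constructed sample log: the two decisive lines from the advisory's trace.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[   14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8
[   14.588697] nand_reset_op from brcmnand_resume+0x13c/0x150
EOF
brcmnand_resume_verdict "$sample"   # VULNERABLE
rm -f "$sample"
```

On a patched device, run `suspend_resume_check 5` after step 3 and expect CLEAN; an OTHER_NAND_WARNING verdict means a NAND warning that is not this CVE's path and still deserves a look.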


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.952Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9818c4522896dcbd7c28

Added to database: 5/21/2025, 9:08:40 AM

Last enriched: 7/4/2025, 12:13:12 AM

Last updated: 8/9/2025, 2:42:16 AM