Linux Kernel DMA Device Null Pointer Dereference Vulnerability in Cadence NAND Controller

Vulnerability

A vulnerability in the Linux kernel's handling of DMA resources for the Cadence NAND controller can lead to a null pointer dereference. The issue arises because the DMA device pointer is accessed before confirming that the associated control structure is properly initialized. The vulnerability affects the MTD (Memory Technology Device) subsystem, specifically the NAND driver for Cadence controllers.

Impact

The vulnerability can cause a null pointer dereference, leading to a crash of the affected component or system.

Reproduction

The vulnerability can be reproduced by using a Cadence NAND controller in the Linux kernel. The issue occurs when the DMA device pointer is accessed before the DMA channel is properly initialized, which can happen during the normal operation of the NAND controller driver.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.
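
The ordering bug described above, modelled in userspace C as an added example (this is not the kernel driver's code): all type and function names are hypothetical stand-ins, and the sample device is constructed. The vulnerable function reads the DMA device through a channel pointer that is still NULL; the fixed one acquires and checks the channel first.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's DMA types; all names are hypothetical. */
struct dma_device_model { int copy_align; };
struct dma_chan_model { struct dma_device_model *device; };
struct nand_ctrl_model {
    struct dma_chan_model *dmac; /* NULL until a channel is acquired */
    int dma_align;               /* filled in from the DMA device */
};

static struct dma_device_model demo_dev = { .copy_align = 4 }; /* constructed */
static struct dma_chan_model demo_chan = { .device = &demo_dev };
/* Models channel acquisition, which returns NULL on failure. */
static struct dma_chan_model *request_channel_model(int available)
{
    return available ? &demo_chan : NULL;
}

/* Vulnerable ordering, for contrast only (never called; it would crash). */
int ctrl_init_vulnerable(struct nand_ctrl_model *c, int available)
{
    struct dma_device_model *dma_dev = c->dmac->device; /* dmac is still NULL */
    c->dmac = request_channel_model(available);
    if (!c->dmac)
        return -EBUSY;
    c->dma_align = dma_dev->copy_align;
    return 0;
}

/* Hardened ordering: acquire the channel, check it, then dereference. */
int ctrl_init_fixed(struct nand_ctrl_model *c, int available)
{
    struct dma_device_model *dma_dev;
    c->dmac = request_channel_model(available);
    if (!c->dmac)
        return -EBUSY;
    dma_dev = c->dmac->device; /* safe: channel is known to be valid */
    c->dma_align = dma_dev->copy_align;
    return 0;
}

int main(void)
{
    struct nand_ctrl_model c = { 0 };
    int failed = ctrl_init_fixed(&c, 0), ok = ctrl_init_fixed(&c, 1);
    printf("no channel: %d, channel: %d, align: %d\n", failed, ok, c.dma_align);
    return 0;
}
```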

Added: Dec 16, 2025, 4:00 PM
Updated: Dec 16, 2025, 4:00 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.