CVE-2025-39788— scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Affected Version Matrix 16
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 55f4b1f73631a0817717fe6e98517de51b4c3527< 01510a9e8222f11cce064410f3c2fcf0756c0a08 | affected |
55f4b1f73631a0817717fe6e98517de51b4c3527< 098b2c8ee208c77126839047b9e6e1925bb35baa | affected | ||
55f4b1f73631a0817717fe6e98517de51b4c3527< c1f025da8f370a015e412b55cbcc583f91de8316 | affected | ||
55f4b1f73631a0817717fe6e98517de51b4c3527< 6d53b2a134da77eb7fe65c5c7c7a3c193539a78a | affected | ||
55f4b1f73631a0817717fe6e98517de51b4c3527< dc8fb963742f1a38d284946638f9358bdaa0ddee | affected | ||
55f4b1f73631a0817717fe6e98517de51b4c3527< 5b9f1ef293428ea9c0871d96fcec2a87c4445832 | affected | ||
55f4b1f73631a0817717fe6e98517de51b4c3527< 01aad16c2257ab8ff33b152b972c9f2e1af47912 | affected | ||
5.9 | affected | ||
| … +8 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-39788
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0. This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour. Fix this by switching to the BIT() macro, which applies correct type casting as required. This ensures the correct value is written to UTRL_NEXUS_TYPE (0xffffffff on gs101), and it also fixes a UBSAN shift warning: UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21 shift exponent 32 is too large for 32-bit type 'int' For consistency, apply the same change to the nutmrs / UTMRL_NEXUS_TYPE write.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于HCI_UTRL_NEXUS_TYPE编程错误,可能导致未定义行为。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-39788
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-39788
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-09-11 · 54 CVEs total
| CVE-2025-39773 | net: bridge: fix soft lockup in br_multicast_query_expired() | |
| CVE-2025-39791 | dm: dm-crypt: Do not partially accept write BIOs with zoned targets | |
| CVE-2025-39784 | PCI: Fix link speed calculation on retrain failure | |
| CVE-2025-39787 | soc: qcom: mdt_loader: Ensure we don't read past the ELF header | |
| CVE-2025-39786 | iio: adc: ad7173: fix channels index for syscalib_mode | |
| CVE-2025-39785 | drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local | |
| CVE-2025-39789 | crypto: x86/aegis - Add missing error checks | |
| CVE-2025-39776 | mm/debug_vm_pgtable: clear page table entries at destroy_args() | |
| CVE-2025-39775 | mm/mremap: fix WARN with uffd that has remap events disabled | |
| CVE-2025-39774 | iio: adc: rzg2l_adc: Set driver data before enabling runtime PM | |
| CVE-2025-39777 | crypto: acomp - Fix CFI failure due to type punning | |
| CVE-2025-39772 | drm/hisilicon/hibmc: fix the hibmc loaded failed bug | |
| CVE-2025-39771 | regulator: pca9450: Use devm_register_sys_off_handler | |
| CVE-2025-39770 | net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM | |
| CVE-2025-39769 | bnxt_en: Fix lockdep warning during rmmod | |
| CVE-2025-39768 | net/mlx5: HWS, fix complex rules rehash error flow | |
| CVE-2025-39766 | net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit | |
| CVE-2025-39767 | LoongArch: Optimize module load time by optimizing PLT/GOT counting | |
| CVE-2025-39765 | ALSA: timer: fix ida_free call while not allocated | |
| CVE-2025-39764 | netfilter: ctnetlink: remove refcounting in expectation dumpers |
Showing top 20 of 54 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2025-39788
No comments yet