FKIE_CVE-2025-38336

Vulnerability from fkie_nvd - Published: 2025-07-10 09:15 - Updated: 2025-11-03 18:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of what happened. Depending on the device attached, it can also prevent the system from booting. In this case, the system hangs when reading the ATIP from optical media with cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an Optiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4, running at UDMA/33. The issue can be reproduced by running the same command with a cygwin build of cdrecord on WinXP, although it requires more attempts to cause it. The hang in that case is also resolved by forcing PIO. It doesn't appear that VIA has produced any drivers for that OS, thus no known workaround exists. HDDs attached to the controller do not suffer from any DMA issues.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0d9a48dfa934f43ac839211ae4aeba34f666a9a5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/67d66a5e4583fd3bcf13d6f747e571df13cbad51
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7fc89c218fc96a296a2840b1e37f4e0975f7a108
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8212cd92fe40aae6fe5a073bc70e758c42bb4bfc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8edfed4439b107d62151ff6c075958d169da3e71
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/947f9304d3c876c6672b947b80c0ef51161c6d2f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bb7212ee4ff086628a2c1c22336d082a87cb893d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d29fc02caad7f94b62d56ee1b01c954f9c961ba7
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ata: pata_via: Forzar PIO para dispositivos ATAPI en VT6415/VT6330 El controlador tiene un error de hardware que puede bloquear el sistema al realizar DMA ATAPI sin dejar rastro de lo sucedido. Dependiendo del dispositivo conectado, tambi\u00e9n puede impedir que el sistema arranque. En este caso, el sistema se bloquea al leer el ATIP desde un medio \u00f3ptico con cdrecord -vvv -atip en un _NEC DVD_RW ND-4571A 1-01 y un Optiarc DVD RW AD-7200A 1.06 conectados a un ASRock 990FX Extreme 4, corriendo en UDMA/33. El problema se puede reproducir ejecutando el mismo comando con una compilaci\u00f3n cygwin de cdrecord en WinXP, aunque requiere m\u00e1s intentos para provocarlo. El bloqueo en ese caso tambi\u00e9n se resuelve forzando PIO. No parece que VIA haya producido ning\u00fan controlador para ese sistema operativo, por lo que no existe ninguna soluci\u00f3n alternativa conocida. Los discos duros conectados al controlador no sufren ning\u00fan problema de DMA."
    }
  ],
  "id": "CVE-2025-38336",
  "lastModified": "2025-11-03T18:16:14.570",
  "metrics": {},
  "published": "2025-07-10T09:15:28.230",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0d9a48dfa934f43ac839211ae4aeba34f666a9a5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/67d66a5e4583fd3bcf13d6f747e571df13cbad51"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7fc89c218fc96a296a2840b1e37f4e0975f7a108"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8212cd92fe40aae6fe5a073bc70e758c42bb4bfc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8edfed4439b107d62151ff6c075958d169da3e71"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/947f9304d3c876c6672b947b80c0ef51161c6d2f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bb7212ee4ff086628a2c1c22336d082a87cb893d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d29fc02caad7f94b62d56ee1b01c954f9c961ba7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.