{"id":"CVE-2025-38284","summary":"wifi: rtw89: pci: configure manual DAC mode via PCI config API only","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: pci: configure manual DAC mode via PCI config API only\n\nTo support 36-bit DMA, configure chip proprietary bit via PCI config API\nor chip DBI interface. However, the PCI device mmap isn't set yet and\nthe DBI is also inaccessible via mmap, so only if the bit can be accessible\nvia PCI config API, chip can support 36-bit DMA. Otherwise, fallback to\n32-bit DMA.\n\nWith NULL mmap address, kernel throws trace:\n\n  BUG: unable to handle page fault for address: 0000000000001090\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  PGD 0 P4D 0\n  Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n  CPU: 1 UID: 0 PID: 71 Comm: irq/26-pciehp Tainted: G           OE      6.14.2-061402-generic #202504101348\n  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n  RIP: 0010:rtw89_pci_ops_write16+0x12/0x30 [rtw89_pci]\n  RSP: 0018:ffffb0ffc0acf9d8 EFLAGS: 00010206\n  RAX: ffffffffc158f9c0 RBX: ffff94865e702020 RCX: 0000000000000000\n  RDX: 0000000000000718 RSI: 0000000000001090 RDI: ffff94865e702020\n  RBP: ffffb0ffc0acf9d8 R08: 0000000000000000 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000015\n  R13: 0000000000000719 R14: ffffb0ffc0acfa1f R15: ffffffffc1813060\n  FS:  0000000000000000(0000) GS:ffff9486f3480000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000001090 CR3: 0000000090440001 CR4: 00000000000626f0\n  Call Trace:\n   \u003cTASK\u003e\n   rtw89_pci_read_config_byte+0x6d/0x120 [rtw89_pci]\n   rtw89_pci_cfg_dac+0x5b/0xb0 [rtw89_pci]\n   rtw89_pci_probe+0xa96/0xbd0 [rtw89_pci]\n   ? __pfx___device_attach_driver+0x10/0x10\n   ? __pfx___device_attach_driver+0x10/0x10\n   local_pci_probe+0x47/0xa0\n   pci_call_probe+0x5d/0x190\n   pci_device_probe+0xa7/0x160\n   really_probe+0xf9/0x370\n   ? pm_runtime_barrier+0x55/0xa0\n   __driver_probe_device+0x8c/0x140\n   driver_probe_device+0x24/0xd0\n   __device_attach_driver+0xcd/0x170\n   bus_for_each_drv+0x99/0x100\n   __device_attach+0xb4/0x1d0\n   device_attach+0x10/0x20\n   pci_bus_add_device+0x59/0x90\n   pci_bus_add_devices+0x31/0x80\n   pciehp_configure_device+0xaa/0x170\n   pciehp_enable_slot+0xd6/0x240\n   pciehp_handle_presence_or_link_change+0xf1/0x180\n   pciehp_ist+0x162/0x1c0\n   irq_thread_fn+0x24/0x70\n   irq_thread+0xef/0x1c0\n   ? __pfx_irq_thread_fn+0x10/0x10\n   ? __pfx_irq_thread_dtor+0x10/0x10\n   ? __pfx_irq_thread+0x10/0x10\n   kthread+0xfc/0x230\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x47/0x70\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   \u003c/TASK\u003e","modified":"2026-04-02T12:47:54.693535Z","published":"2025-07-10T07:42:01.667Z","related":["CGA-p9cc-86pg-9p25"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38284.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/a70cf04b08f44f41bce14659aa7012674b15d9de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e1e0f046041474004dc6ebce5ce1d3e86556291d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38284.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38284"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1fd4b3fe52efd5ad1647966f619c10988e7a4457"},{"fixed":"e1e0f046041474004dc6ebce5ce1d3e86556291d"},{"fixed":"a70cf04b08f44f41bce14659aa7012674b15d9de"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38284.json"}}],"schema_version":"1.7.5"}