{"id":"CVE-2025-38486","summary":"soundwire: Revert \"soundwire: qcom: Add set_channel_map api support\"","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: Revert \"soundwire: qcom: Add set_channel_map api support\"\n\nThis reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5.\n\nThis patch broke Dragonboard 845c (sdm845). I see:\n\n    Unexpected kernel BRK exception at EL1\n    Internal error: BRK handler: 00000000f20003e8 [#1]  SMP\n    pc : qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom]\n    lr : snd_soc_dai_set_channel_map+0x34/0x78\n    Call trace:\n     qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom] (P)\n     sdm845_dai_init+0x18c/0x2e0 [snd_soc_sdm845]\n     snd_soc_link_init+0x28/0x6c\n     snd_soc_bind_card+0x5f4/0xb0c\n     snd_soc_register_card+0x148/0x1a4\n     devm_snd_soc_register_card+0x50/0xb0\n     sdm845_snd_platform_probe+0x124/0x148 [snd_soc_sdm845]\n     platform_probe+0x6c/0xd0\n     really_probe+0xc0/0x2a4\n     __driver_probe_device+0x7c/0x130\n     driver_probe_device+0x40/0x118\n     __device_attach_driver+0xc4/0x108\n     bus_for_each_drv+0x8c/0xf0\n     __device_attach+0xa4/0x198\n     device_initial_probe+0x18/0x28\n     bus_probe_device+0xb8/0xbc\n     deferred_probe_work_func+0xac/0xfc\n     process_one_work+0x244/0x658\n     worker_thread+0x1b4/0x360\n     kthread+0x148/0x228\n     ret_from_fork+0x10/0x20\n    Kernel panic - not syncing: BRK handler: Fatal exception\n\nDan has also reported following issues with the original patch\nhttps://lore.kernel.org/all/33fe8fe7-719a-405a-9ed2-d9f816ce1d57@sabinyo.mountain/\n\nBug #1:\nThe zeroeth element of ctrl-\u003epconfig[] is supposed to be unused.  We\nstart counting at 1.  However this code sets ctrl-\u003epconfig[0].ch_mask = 128.\n\nBug #2:\nThere are SLIM_MAX_TX_PORTS (16) elements in tx_ch[] array but only\nQCOM_SDW_MAX_PORTS + 1 (15) in the ctrl-\u003epconfig[] array so it corrupts\nmemory like Yongqin Liu pointed out.\n\nBug 3:\nLike Jie Gan pointed out, it erases all the tx information with the rx\ninformation.","modified":"2026-04-02T12:47:59.960280Z","published":"2025-07-28T11:21:50.349Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38486.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/207cea8b72fcbdf4e6db178e54186ed4f1514b3c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/834bce6a715ae9a9c4dce7892454a19adf22b013"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38486.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38486"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7796c97df6b1b2206681a07f3c80f6023a6593d5"},{"fixed":"207cea8b72fcbdf4e6db178e54186ed4f1514b3c"},{"fixed":"834bce6a715ae9a9c4dce7892454a19adf22b013"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38486.json"}}],"schema_version":"1.7.5"}