CVE-2025-22049

low-risk

Published 2025-04-16

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCH_DMA_MINALIGN up to 16 ARCH_DMA_MINALIGN is 1 by default, but some LoongArch-specific devices (such as APBDMA) require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error writing cacheline. Thus, it is dangerous to allocate a small memory buffer for DMA. It's always safe to define ARCH_DMA_MINALIGN as L1_CACHE_BYTES but unnecessary (kmalloc() need small memory objects). Therefore, just increase it to 16.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (7)

Patch https://git.kernel.org/stable/c/1d0def2d1658666ec1f32c9495df60e7411e3c82

Patch https://git.kernel.org/stable/c/279ec25c2df49fba1cd9488f2ddd045d9cb2112e

Patch https://git.kernel.org/stable/c/4103cfe9dcb88010ae4911d3ff417457d1b6a720

Patch https://git.kernel.org/stable/c/8b82aea3666f8f2c78f86148d78aea99c46e0f82

Patch https://git.kernel.org/stable/c/bfff341cac7c650e6ca8d10503725992f5564d0f

Patch https://git.kernel.org/stable/c/f39af67f03b564b763b06e44cb960c10a382d54a

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal