Acknowledged
Created: Dec 16, 2025
Updated: Dec 18, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error[EOL][EOL]Make knav_dma_open_channel consistently return NULL on error instead[EOL]of ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h[EOL]returns NULL when the driver is disabled, but the driver[EOL]implementation does not even return NULL or ERR_PTR on failure,[EOL]causing inconsistency in the users. This results in a crash in[EOL]netcp_free_navigator_resources as followed (trimmed):[EOL][EOL]Unhandled fault: alignment exception (0x221) at 0xfffffff2[EOL][fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000[EOL]Internal error: : 221 [#1] SMP ARM[EOL]Modules linked in:[EOL]CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc7 #1 NONE[EOL]Hardware name: Keystone[EOL]PC is at knav_dma_close_channel+0x30/0x19c[EOL]LR is at netcp_free_navigator_resources+0x2c/0x28c[EOL][EOL][... TRIM...][EOL][EOL]Call trace:[EOL] knav_dma_close_channel from netcp_free_navigator_resources+0x2c/0x28c[EOL] netcp_free_navigator_resources from netcp_ndo_open+0x430/0x46c[EOL] netcp_ndo_open from __dev_open+0x114/0x29c[EOL] __dev_open from __dev_change_flags+0x190/0x208[EOL] __dev_change_flags from netif_change_flags+0x1c/0x58[EOL] netif_change_flags from dev_change_flags+0x38/0xa0[EOL] dev_change_flags from ip_auto_config+0x2c4/0x11f0[EOL] ip_auto_config from do_one_initcall+0x58/0x200[EOL] do_one_initcall from kernel_init_freeable+0x1cc/0x238[EOL] kernel_init_freeable from kernel_init+0x1c/0x12c[EOL] kernel_init from ret_from_fork+0x14/0x38[EOL][... TRIM...][EOL][EOL]Standardize the error handling by making the function return NULL on[EOL]all error conditions. The API is used in just the netcp_core.c so the[EOL]impact is limited.[EOL][EOL]Note, this change, in effect reverts commit 5b6cb43b4d62 ("net:[EOL]ethernet: ti: netcp_core: return error while dma channel open issue"),[EOL]but provides a less error prone implementation.
