CVE-2025-38398: 
Linux Ubuntu vulnerability analysis and mitigation

A memory corruption vulnerability was discovered in the Linux kernel's SPI QPIC SNAND driver, identified as CVE-2025-38398. The issue was disclosed on July 25, 2025, affecting the spi-qpic-snand component. The vulnerability stems from improper memory allocation for BAM transactions, where the initial allocation is done for only one 'codeword' before the actual required size is known (NVD).

The vulnerability occurs when the driver performs flash operations where the number of required transactions exceeds the size of the allocated arrays, leading to out-of-bounds memory access. The issue manifests in two ways: first, through swiotlb mapping failures with error messages indicating buffer fullness, and second, through system panics due to NULL pointer dereference or bad spinlock magic. The root cause is traced to the qcomnandcalloc() function which allocates memory for BAM transactions during probe, but only for one 'codeword' when the actual required space depends on the pagesize of the NAND chip (NVD).

The vulnerability can lead to system crashes, memory corruption, and potential system instability. When triggered, it can cause either a swiotlb buffer overflow or system panics due to NULL pointer dereference. This affects systems using the mtd_nandbiterrs module for testing the driver (NVD).

The fix involves modifying the code to free the initially allocated BAM transactions memory and allocate new memory once the actual number of 'codewords' required for a given NAND chip is known (NVD).