CVE-2025-38631

EPSS 0.03%
Published 22.08.2025 16:00:39
Last modified 22.08.2025 18:08:51
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

clk: imx95-blk-ctl: Fix synchronous abort

When enabling runtime PM for clock suppliers that also belong to a power
domain, the following crash is thrown:
error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP
Workqueue: events_unbound deferred_probe_work_func
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : clk_mux_get_parent+0x60/0x90
lr : clk_core_reparent_orphans_nolock+0x58/0xd8
  Call trace:
   clk_mux_get_parent+0x60/0x90
   clk_core_reparent_orphans_nolock+0x58/0xd8
   of_clk_add_hw_provider.part.0+0x90/0x100
   of_clk_add_hw_provider+0x1c/0x38
   imx95_bc_probe+0x2e0/0x3f0
   platform_probe+0x70/0xd8

Enabling runtime PM without explicitly resuming the device caused
the power domain cut off after clk_register() is called. As a result,
a crash happens when the clock hardware provider is added and attempts
to access the BLK_CTL register.

Fix this by using devm_pm_runtime_enable() instead of pm_runtime_enable()
and getting rid of the pm_runtime_disable() in the cleanup path.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < c1dead8bb303f86905ea6a09e5acda931165453b

Version 5224b189462ff70df328f173b71acfd925092c3c

Status affected

Version < 9f0ee0baf25b46bb82655c687718ebb0ae1def7b

Version 5224b189462ff70df328f173b71acfd925092c3c

Status affected

Version < 533dc3cb375cabd8a2beba293d63ef2acd3d0005

Version 5224b189462ff70df328f173b71acfd925092c3c

Status affected

Version < b08217a257215ed9130fce93d35feba66b49bf0a

Version 5224b189462ff70df328f173b71acfd925092c3c

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.10

Status affected

Version < 6.10

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.42

Status unaffected

Version <= 6.15.*

Version 6.15.10

Status unaffected

Version <= 6.16.*

Version 6.16.1

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.054

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/c1dead8bb303f86905ea6a09e5acda931165453b

https://git.kernel.org/stable/c/9f0ee0baf25b46bb82655c687718ebb0ae1def7b

https://git.kernel.org/stable/c/533dc3cb375cabd8a2beba293d63ef2acd3d0005

https://git.kernel.org/stable/c/b08217a257215ed9130fce93d35feba66b49bf0a

https://nvd.nist.gov/vuln/detail/CVE-2025-38631

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38631

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38631

EUVD