CVE-2025-38649

EPSS 0.02%
Veröffentlicht 22.08.2025 16:00:53
Zuletzt bearbeitet 22.08.2025 18:08:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight

An infinite loop has been created by the Coresight devices. When only a
source device is enabled, the coresight_find_activated_sysfs_sink function
is recursively invoked in an attempt to locate an active sink device,
ultimately leading to a stack overflow and system crash. Therefore, disable
the replicator1 to break the infinite loop and prevent a potential stack
overflow.

replicator1_out   ->   funnel_swao_in6   ->   tmc_etf_swao_in   ->  tmc_etf_swao_out
     |                                                                     |
replicator1_in                                                     replicator_swao_in
     |                                                                     |
replicator0_out1                                                   replicator_swao_out0
     |                                                                     |
replicator0_in                                                     funnel_in1_in3
     |                                                                     |
tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out

[call trace]
   dump_backtrace+0x9c/0x128
   show_stack+0x20/0x38
   dump_stack_lvl+0x48/0x60
   dump_stack+0x18/0x28
   panic+0x340/0x3b0
   nmi_panic+0x94/0xa0
   panic_bad_stack+0x114/0x138
   handle_bad_stack+0x34/0xb8
   __bad_stack+0x78/0x80
   coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   ...
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_enable_sysfs+0x80/0x2a0 [coresight]

side effect after the change:
Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < a9aaadcb0a6ce0c19616c46525112bc947c6f2b1

Version bf469630552a3950d0370dd5fd1f9bf0145d09d5

Status affected

Version < fbe5be7893b8c7f58c999a26839cd30bc07654c6

Version bf469630552a3950d0370dd5fd1f9bf0145d09d5

Status affected

Version < bd4f35786d5f0798cc1f8c187a81a7c998e6c58f

Version bf469630552a3950d0370dd5fd1f9bf0145d09d5

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.14

Status affected

Version < 6.14

Version 0

Status unaffected

Version <= 6.15.*

Version 6.15.10

Status unaffected

Version <= 6.16.*

Version 6.16.1

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1

https://git.kernel.org/stable/c/fbe5be7893b8c7f58c999a26839cd30bc07654c6

https://git.kernel.org/stable/c/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f

https://nvd.nist.gov/vuln/detail/CVE-2025-38649

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38649

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38649

EUVD