CVE-2025-38010
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking The current implementation uses bias_pad_enable as a reference count to manage the shared bias pad for all UTMI PHYs. However, during system suspension with connected USB devices, multiple power-down requests for the UTMI pad result in a mismatch in the reference count, which in turn produces warnings such as: [ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763103] Call trace: [ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30 [ 237.763110] phy_power_off+0x48/0x100 [ 237.763113] tegra_xusb_enter_elpg+0x204/0x500 [ 237.763119] tegra_xusb_suspend+0x48/0x140 [ 237.763122] platform_pm_suspend+0x2c/0xb0 [ 237.763125] dpm_run_callback.isra.0+0x20/0xa0 [ 237.763127] __device_suspend+0x118/0x330 [ 237.763129] dpm_suspend+0x10c/0x1f0 [ 237.763130] dpm_suspend_start+0x88/0xb0 [ 237.763132] suspend_devices_and_enter+0x120/0x500 [ 237.763135] pm_suspend+0x1ec/0x270 The root cause was traced back to the dynamic power-down changes introduced in commit a30951d31b25 ("xhci: tegra: USB2 pad power controls"), where the UTMI pad was being powered down without verifying its current state. This unbalanced behavior led to discrepancies in the reference count. To rectify this issue, this patch replaces the single reference counter with a bitmask, renamed to utmi_pad_enabled. Each bit in the mask corresponds to one of the four USB2 PHYs, allowing us to track each pad's enablement status individually. With this change: - The bias pad is powered on only when the mask is clear. - Each UTMI pad is powered on or down based on its corresponding bit in the mask, preventing redundant operations. - The overall power state of the shared bias pad is maintained correctly during suspend/resume cycles. The mutex used to prevent race conditions during UTMI pad enable/disable operations has been moved from the tegra186_utmi_bias_pad_power_on/off functions to the parent functions tegra186_utmi_pad_power_on/down. This change ensures that there are no race conditions when updating the bitmask.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-11-17
Generated
2026-05-07
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38010
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-Other
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's Tegra xusb driver involves improper tracking of the UTMI pad power state. The current implementation uses a single reference count (bias_pad_enable) to manage the shared bias pad for all UTMI PHYs. During system suspension with connected USB devices, multiple power-down requests cause a mismatch in this reference count, leading to warnings and potential power state inconsistencies. The root cause is that the UTMI pad was powered down without verifying its current state, causing unbalanced reference counting. The fix replaces the single reference counter with a bitmask to track each of the four USB2 PHY pads individually, ensuring correct power state management and preventing race conditions.


How can this vulnerability impact me? :

This vulnerability can cause incorrect power state management of USB PHY pads during system suspend/resume cycles, leading to kernel warnings and potentially unstable or unexpected behavior in USB device handling. It may result in power management issues, such as improper powering down or up of USB components, which could affect system stability or USB device functionality during suspend or resume operations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific warning messages related to the UTMI pad power state mismatch. Look for kernel warnings similar to: "WARNING: CPU: ... at tegra186_utmi_pad_power_down" and the associated call trace. You can use the command `dmesg | grep tegra186_utmi_pad_power_down` or `journalctl -k | grep tegra186_utmi_pad_power_down` to find these warnings in the kernel logs.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version that includes the patch fixing this issue. The patch replaces the single reference counter with a bitmask to correctly track the UTMI pad power state and prevents race conditions. Until the update is applied, monitoring for the warning messages and avoiding system suspend/resume cycles with connected USB devices may reduce the risk of encountering the issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart