CVE-2025-38623
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from the bridge hotplug notification logic will not be received by the kernel, stalling all plug events on all slots associated with the PE. 2) When a device is removed from a slot, regardless of surprise or programmatic removal, the associated PHB/PE ls left frozen. If this freeze is not cleared via a fundamental reset, skiboot is unable to clear the freeze and cannot retrain / rescan the slot. This also requires a reboot to clear the freeze and redetect the device in the slot. Issue the appropriate unfreeze and rescan commands on hotplug events, and don't oops on hotplug if pci_bus_to_OF_node() returns NULL. [bhelgaas: tidy comments]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-03
Generated
2026-05-27
AI Q&A
2025-08-22
EPSS Evaluated
2026-05-25
NVD
CVE-2025-38623
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's PowerNV hotplug code involves improper handling of surprise plug events. When a device is unexpectedly removed, the upstream bridge port can cause a PE freeze on the PHB, preventing MSI interrupts from being received and stalling all plug events on associated slots. Additionally, when a device is removed, the PHB/PE remains frozen and cannot be cleared without a reboot, causing the hotplug system to fail and requiring a system reboot to detect new devices. The fix involves issuing appropriate unfreeze and rescan commands during hotplug events to prevent these failures.


How can this vulnerability impact me? :

This vulnerability can cause the hotplug system to completely fail after device removal, leading to stalled plug events and requiring a system reboot to detect new devices. This can result in downtime, reduced system availability, and inconvenience due to the need for reboots to recover from device removal events.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the system applies the fix that issues the appropriate unfreeze and rescan commands on hotplug events. Avoid rebooting by clearing the PE freeze on the PHB after device removal. If the system is affected, a reboot may be required to clear the freeze and redetect devices until the fix is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart