CVE-2025-38624
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

PCI: pnv_php: Clean up allocated IRQs on unplug

When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in a panic.

Fix this by walking all child buses and deallocating all its IRQ resources before calling pci_hp_remove_devices().

Also modify the lifetime of the workqueue at struct pnv_php_slot::wq so that it is only destroyed in pnv_php_free_slot(), instead of pnv_php_disable_irq(). This is required since pnv_php_disable_irq() will now be called by workers triggered by hot unplug interrupts, so the workqueue needs to stay allocated.

The abridged kernel panic that occurs without this patch is as follows:

    WARNING: CPU: 0 PID: 687 at kernel/irq/msi.c:292 msi_device_data_release+0x6c/0x9c
    CPU: 0 UID: 0 PID: 687 Comm: bash Not tainted 6.14.0-rc5+ #2
    Call Trace:
     msi_device_data_release+0x34/0x9c (unreliable)
     release_nodes+0x64/0x13c
     devres_release_all+0xc0/0x140
     device_del+0x2d4/0x46c
     pci_destroy_dev+0x5c/0x194
     pci_hp_remove_devices+0x90/0x128
     pci_hp_remove_devices+0x44/0x128
     pnv_php_disable_slot+0x54/0xd4
     power_write_file+0xf8/0x18c
     pci_slot_attr_store+0x40/0x5c
     sysfs_kf_write+0x64/0x78
     kernfs_fop_write_iter+0x1b0/0x290
     vfs_write+0x3bc/0x50c
     ksys_write+0x84/0x140
     system_call_exception+0x124/0x230
     system_call_vectored_common+0x15c/0x2ec

[bhelgaas: tidy comments]

Meta Information
Published: 2025-08-22
Last Modified: 2025-11-03
Generated: 2026-05-27
AI Q&A: 2025-08-22
EPSS Evaluated: 2026-05-25

Affected Vendors & Products
Showing 1 associated CPE
Vendor    Product    Version / Range
linux     linux      6.1.153-1

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's pnv_php driver, which handles PCIe hotplug events. When the root of a nested PCIe bridge configuration is unplugged, the driver fails to properly clean up allocated IRQ (interrupt request) resources for child bridges. This resource leak can lead to a kernel panic, causing the system to crash. The issue is fixed by ensuring all child buses have their IRQ resources deallocated before removing devices, and by adjusting the lifetime of a workqueue to prevent premature destruction during hot unplug interrupts.


How can this vulnerability impact me?

This vulnerability can cause a kernel panic, which results in a system crash. Such crashes can lead to system downtime, potential data loss, and disruption of services relying on the affected Linux kernel. Systems using nested PCIe bridge configurations with the pnv_php driver are particularly at risk when unplugging devices, as the improper cleanup of IRQ resources triggers the panic.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that fixes the pnv_php driver to ensure proper cleanup of allocated IRQs on unplug. This involves updating the Linux kernel to a version that includes the fix for CVE-2025-38624, which walks all child buses and deallocates IRQ resources before calling pci_hp_remove_devices(), and modifies the lifetime of the workqueue in pnv_php_slot to prevent kernel panic.

