CVE-2025-38631
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash is thrown: error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP Workqueue: events_unbound deferred_probe_work_func pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : clk_mux_get_parent+0x60/0x90 lr : clk_core_reparent_orphans_nolock+0x58/0xd8 Call trace: clk_mux_get_parent+0x60/0x90 clk_core_reparent_orphans_nolock+0x58/0xd8 of_clk_add_hw_provider.part.0+0x90/0x100 of_clk_add_hw_provider+0x1c/0x38 imx95_bc_probe+0x2e0/0x3f0 platform_probe+0x70/0xd8 Enabling runtime PM without explicitly resuming the device caused the power domain cut off after clk_register() is called. As a result, a crash happens when the clock hardware provider is added and attempts to access the BLK_CTL register. Fix this by using devm_pm_runtime_enable() instead of pm_runtime_enable() and getting rid of the pm_runtime_disable() in the cleanup path.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-26
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-38631
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's clock management for the imx95-blk-ctl component. When runtime power management (PM) is enabled for clock suppliers that are part of a power domain, a crash happens due to a synchronous external abort error. This crash is caused because enabling runtime PM without explicitly resuming the device leads to the power domain being cut off after clk_register() is called. Consequently, when the clock hardware provider tries to access the BLK_CTL register, the system crashes. The fix involves using devm_pm_runtime_enable() instead of pm_runtime_enable() and removing pm_runtime_disable() in the cleanup path to properly manage the device's runtime PM state.

Impact Analysis

This vulnerability can cause system crashes in environments using the affected Linux kernel component, specifically when runtime power management is enabled for certain clock suppliers. Such crashes can lead to system instability, unexpected downtime, and potential loss of data or service availability.

Mitigation Strategies

Apply the fix by replacing pm_runtime_enable() with devm_pm_runtime_enable() and removing pm_runtime_disable() in the cleanup path in the affected Linux kernel code. This prevents the crash caused by enabling runtime PM without explicitly resuming the device. Updating to a kernel version that includes this fix is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38631. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart