CVE-2025-38633
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabled while responding to getting -EPROBE_DEFER when requesting a reset controller. The needed clock (CLK_DMA, along with its parents) had already been enabled. To respond to the probe deferral return, the CLK_DMA clock was disabled, and this led to parent clocks also reducing their enable count. When the enable count for pll1_d8 was decremented it became 0, which caused it to be disabled. This led to a system hang. Marking that clock critical resolves this by preventing it from being disabled. Define a new macro CCU_FACTOR_GATE_DEFINE() to allow clock flags to be supplied for a CCU_FACTOR_GATE clock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-26
Generated
2026-05-27
AI Q&A
2025-08-22
EPSS Evaluated
2026-05-25
NVD
CVE-2025-38633
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.16
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's clock management system, specifically the pll1_d8 clock which is a parent clock for many others including those used by APB and AXI buses. The issue occurs because the pll1_d8 clock, enabled by the boot loader, could be disabled unintentionally when the system responds to a probe deferral (-EPROBE_DEFER) during reset controller requests. Disabling the CLK_DMA clock and its parents led to the pll1_d8 clock's enable count dropping to zero, causing it to be disabled and resulting in a system hang. The fix was to mark the pll1_d8 clock as critical to prevent it from being disabled.


How can this vulnerability impact me? :

This vulnerability can cause a system hang due to the unintended disabling of a critical clock (pll1_d8) in the Linux kernel. Since this clock is a parent to many others used by important buses (APB and AXI), its disablement can halt system operations, leading to potential downtime or system instability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by marking the pll1_d8 clock as critical to prevent it from being disabled, which avoids system hangs. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart