CVE-2025-38633
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabled while responding to getting -EPROBE_DEFER when requesting a reset controller. The needed clock (CLK_DMA, along with its parents) had already been enabled. To respond to the probe deferral return, the CLK_DMA clock was disabled, and this led to parent clocks also reducing their enable count. When the enable count for pll1_d8 was decremented it became 0, which caused it to be disabled. This led to a system hang. Marking that clock critical resolves this by preventing it from being disabled. Define a new macro CCU_FACTOR_GATE_DEFINE() to allow clock flags to be supplied for a CCU_FACTOR_GATE clock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-26
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38633
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.16
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's clock management system, specifically the pll1_d8 clock which is a parent clock for many others including those used by APB and AXI buses. The issue occurs because the pll1_d8 clock, enabled by the boot loader, could be disabled unintentionally when the system responds to a probe deferral (-EPROBE_DEFER) during reset controller requests. Disabling the CLK_DMA clock and its parents led to the pll1_d8 clock's enable count dropping to zero, causing it to be disabled and resulting in a system hang. The fix was to mark the pll1_d8 clock as critical to prevent it from being disabled.

Impact Analysis

This vulnerability can cause a system hang due to the unintended disabling of a critical clock (pll1_d8) in the Linux kernel. Since this clock is a parent to many others used by important buses (APB and AXI), its disablement can halt system operations, leading to potential downtime or system instability.

Mitigation Strategies

The vulnerability is resolved by marking the pll1_d8 clock as critical to prevent it from being disabled, which avoids system hangs. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38633. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart