CVE-2025-40108
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-09

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms") because the first one causes regression - hang task on Qualcomm RB1 board (QRB2210) and unable to use serial at all during normal boot: INFO: task kworker/u16:0:12 blocked for more than 42 seconds. Not tainted 6.17.0-rc1-00004-g53e760d89498 #9 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack:0 pid:12 tgid:12 ppid:2 task_flags:0x4208060 flags:0x00000010 Workqueue: async async_run_entry_fn Call trace: __switch_to+0xe8/0x1a0 (T) __schedule+0x290/0x7c0 schedule+0x34/0x118 rpm_resume+0x14c/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c __pm_runtime_resume+0x50/0x9c __driver_probe_device+0x58/0x120 driver_probe_device+0x3c/0x154 __driver_attach_async_helper+0x4c/0xc0 async_run_entry_fn+0x34/0xe0 process_one_work+0x148/0x290 worker_thread+0x2c4/0x3e0 kthread+0x118/0x1c0 ret_from_fork+0x10/0x20 The issue was reported on 12th of August and was ignored by author of commits introducing issue for two weeks. Only after complaining author produced a fix which did not work, so if original commits cannot be reliably fixed for 5 weeks, they obviously are buggy and need to be dropped.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-09
Last Modified
2025-11-12
Generated
2026-05-07
AI Q&A
2025-11-09
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40108
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.17.0-rc1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a bug in the Linux kernel's Qualcomm serial driver (qcom-geni) that causes a task to become blocked or hang during normal boot on certain Qualcomm hardware (specifically the RB1 board, QRB2210). The issue was introduced by enabling power management runtime for the serial driver, which led to a regression where the kernel worker task gets stuck for an extended period, making the serial interface unusable during boot. The fix involved reverting the problematic commits that caused this hang.


How can this vulnerability impact me? :

This vulnerability can cause the system to hang or block a kernel worker task during boot, specifically affecting the serial interface on Qualcomm RB1 hardware. This means that the serial port may become unusable during normal system startup, potentially preventing communication or debugging via serial console and impacting system reliability and availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing blocked tasks related to the Qualcomm serial driver in the Linux kernel logs. Specifically, look for messages indicating a task such as 'kworker/u16:0' being blocked for more than 42 seconds. You can check kernel logs using commands like 'dmesg | grep kworker' or 'journalctl -k | grep kworker'. Additionally, monitoring for the specific hung task message can help identify the issue.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves reverting the problematic commits that introduced the issue, specifically commit 1afa70632c39 and its dependent commit 86fa39dd6fb7, as these cause the task hang on Qualcomm RB1 boards. Alternatively, you can disable the hung task warning by running 'echo 0 > /proc/sys/kernel/hung_task_timeout_secs' to suppress the message temporarily, but this does not fix the underlying issue. The best approach is to apply the fix that removes or reverts the faulty commits.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart