CVE-2025-40352
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init The lock-related debug logic (CONFIG_LOCK_STAT) in the kernel is noting the following warning when the BlueField-3 SOC is booted: BUG: key ffff00008a3402a8 has not been registered! ------------[ cut here ]------------ DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 4 PID: 592 at kernel/locking/lockdep.c:4801 lockdep_init_map_type+0x1d4/0x2a0 <snip> Call trace: lockdep_init_map_type+0x1d4/0x2a0 __kernfs_create_file+0x84/0x140 sysfs_add_file_mode_ns+0xcc/0x1cc internal_create_group+0x110/0x3d4 internal_create_groups.part.0+0x54/0xcc sysfs_create_groups+0x24/0x40 device_add+0x6e8/0x93c device_register+0x28/0x40 __hwmon_device_register+0x4b0/0x8a0 devm_hwmon_device_register_with_groups+0x7c/0xe0 mlxbf_pmc_probe+0x1e8/0x3e0 [mlxbf_pmc] platform_probe+0x70/0x110 The mlxbf_pmc driver must call sysfs_attr_init() during the initialization of the "count_clock" data structure to avoid this warning.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40352
EUVD
EUVD-2025-203635
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mellanox mlxbf_pmc *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the mlxbf_pmc driver in the Linux kernel, specifically related to the BlueField-3 SOC. The driver fails to call sysfs_attr_init() during the initialization of the 'count_clock' data structure, which causes a lock-related debug warning (CONFIG_LOCK_STAT) during boot. This warning indicates that a key has not been registered properly, which is a sign of improper lock initialization in the kernel's locking subsystem.

Impact Analysis

The impact of this vulnerability is primarily a kernel warning related to lock debugging, which may indicate improper lock initialization. While the description does not specify direct security consequences such as privilege escalation or denial of service, the warning could lead to instability or unexpected behavior during system boot on affected hardware (BlueField-3 SOC).

Detection Guidance

This vulnerability can be detected by observing the kernel boot logs for the specific warning message: 'BUG: key ffff00008a3402a8 has not been registered!' along with DEBUG_LOCKS_WARN_ON(1) and related call traces involving mlxbf_pmc. You can check the kernel logs using commands such as 'dmesg | grep -i mlxbf_pmc' or 'journalctl -k | grep -i mlxbf_pmc' to find these warnings.

Mitigation Strategies

To mitigate this vulnerability, ensure that the mlxbf_pmc driver calls sysfs_attr_init() during the initialization of the 'count_clock' data structure. This fix prevents the lock-related debug warning. Applying the updated Linux kernel version that includes this fix is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40352. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart