CVE-2025-68204
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fix genpd leak on provider registration failure If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak and potential kernel crash later in genpd_debug_add(). Add proper error handling to unwind the initialized domains before returning from probe to ensure all resources are correctly released on failure. Example crash trace observed without this fix: | Unable to handle kernel paging request at virtual address fffffffffffffc70 | CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.18.0-rc1 #405 PREEMPT | Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : genpd_debug_add+0x2c/0x160 | lr : genpd_debug_init+0x74/0x98 | Call trace: | genpd_debug_add+0x2c/0x160 (P) | genpd_debug_init+0x74/0x98 | do_one_initcall+0xd0/0x2d8 | do_initcall_level+0xa0/0x140 | do_initcalls+0x60/0xa8 | do_basic_setup+0x28/0x40 | kernel_init_freeable+0xe8/0x170 | kernel_init+0x2c/0x140 | ret_from_fork+0x10/0x20
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-68204
EUVD
EUVD-2025-203692
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.18.0-rc1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's ARM SCMI power domain management. If the function of_genpd_add_provider_onecell() fails during the device probe process, the previously created generic power domains are not properly removed. This leads to a memory leak and can cause a kernel crash later in the genpd_debug_add() function. The issue arises because error handling was missing to clean up initialized domains on failure, which has now been fixed by adding proper resource cleanup during probe failure.


How can this vulnerability impact me? :

The vulnerability can cause memory leaks in the Linux kernel, which may eventually lead to a kernel crash. This can result in system instability, unexpected reboots, or downtime, especially on ARM platforms using the affected power domain management code.


What immediate steps should I take to mitigate this vulnerability?

Apply the updated Linux kernel version that includes the fix for the pmdomain: arm: scmi generic power domain leak. This fix ensures proper error handling during provider registration failure to prevent memory leaks and potential kernel crashes. Until the patch is applied, monitor for kernel crashes related to genpd_debug_add and consider avoiding affected hardware or kernel configurations if possible.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart