CVE-2025-71299
Clock Disable Issue in Cadence QuadSPI Controller

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 ("spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance") made the fact that when we do a pm_runtime_disable() in the error paths of probe() we can trigger a runtime disable which in turn results in duplicate clock disables. This is particularly likely to happen when there is missing or broken DT description for the flashes attached to the controller.

Early on in the probe function we do a pm_runtime_get_noresume() since the probe function leaves the device in a powered up state but in the error path we can't assume that PM is enabled so we also manually disable everything, including clocks. This means that when runtime PM is active both it and the probe function release the same reference to the main clock for the IP, triggering warnings from the clock subsystem:

    [ 8.693719] clk:75:7 already disabled
    [ 8.693791] WARNING: CPU: 1 PID: 185 at /usr/src/kernel/drivers/clk/clk.c:1188 clk_core_disable+0xa0/0xb ...
    [ 8.694261] clk_core_disable+0xa0/0xb4 (P)
    [ 8.694272] clk_disable+0x38/0x60
    [ 8.694283] cqspi_probe+0x7c8/0xc5c [spi_cadence_quadspi]
    [ 8.694309] platform_probe+0x5c/0xa4

Dealing with this issue properly is complicated by the fact that we don't know if runtime PM is active so can't tell if it will disable the clocks or not. We can, however, sidestep the issue for the flash descriptions by moving their parsing to when we parse the controller properties which also save us doing a bunch of setup which can never be used so let's do that.

Meta Information

  • Published: 2026-05-08
  • Last Modified: 2026-05-08
  • Generated: 2026-05-09
  • AI Q&A: 2026-05-08
  • EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

  • Vendor: cadence, Product: quadspi, Version / Range: *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's cadence-quadspi SPI driver. It arises from a recent refactoring related to runtime power management (PM). Specifically, when the driver encounters an error during the probe process, it disables runtime PM and manually disables clocks. However, if runtime PM is already active, both the runtime PM and the probe function attempt to disable the same clock resource, causing duplicate clock disable calls.

This results in warnings from the clock subsystem, indicating that a clock is being disabled more than once. The root cause is that the driver cannot reliably detect if runtime PM is active during error handling, leading to this double disable scenario. The fix involves moving the parsing of flash descriptions to an earlier stage, avoiding unnecessary setup and preventing the duplicate disable issue.


How can this vulnerability impact me?

This vulnerability can cause warnings and errors in the kernel's clock management subsystem due to duplicate clock disable calls. While the description does not explicitly mention system crashes or data loss, such warnings can indicate instability or improper hardware management, potentially leading to unpredictable behavior or degraded system reliability.

In embedded systems or devices relying on the cadence-quadspi controller, this could result in issues during device initialization or power management, possibly affecting device performance or causing failures in flash memory access.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific warning messages related to clock disables in the cadence-quadspi driver.

Look for kernel log entries similar to the following, which indicate duplicate clock disables triggered by the vulnerability:

  • [ 8.693719] clk:75:7 already disabled
  • [ 8.693791] WARNING: CPU: 1 PID: 185 at /usr/src/kernel/drivers/clk/clk.c:1188 clk_core_disable+0xa0/0xb
  • [ 8.694283] cqspi_probe+0x7c8/0xc5c [spi_cadence_quadspi]

To detect these messages, you can use either of the following commands to filter kernel logs:

  • dmesg | grep -i 'clk.*already disabled'
  • journalctl -k | grep -i 'clk.*already disabled'
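
The two greps above match a double disable of any clock, whichever driver caused it. The following shell function, an added example that is not part of the advisory or of the kernel sources, reports only the warnings whose stack trace passes through cqspi_probe. Its sample log is constructed from the lines quoted above plus a made-up unrelated warning; example_clk, example_probe, example_drv and the later timestamps are hypothetical.

```shell
#!/bin/sh
# Added example: tie "<clk> already disabled" warnings to the cadence-quadspi probe path.

# Reads kernel log text on stdin (dmesg or journalctl -k output).
# Prints "<clock-name> <line-number-of-warning>" for each warning whose
# trace contains cqspi_probe within the next $1 lines (default 40).
cqspi_double_disable() {
    awk -v window="${1:-40}" '
        {   # clk_core_disable() warns with "<clock name> already disabled"
            for (i = 2; i < NF; i++)
                if ($i == "already" && $(i + 1) == "disabled") {
                    clk = $(i - 1); start = NR; left = window; next
                }
        }
        left > 0 {
            left--
            if ($0 ~ /cqspi_probe\+0x/) { print clk, start; left = 0 }
            else if ($0 ~ /end trace/) left = 0   # trace ended in another driver
        }
    '
}

# Constructed sample: first trace uses the lines quoted in the description,
# second trace is an invented double disable from an unrelated driver.
sample_log() {
    cat <<'EOF'
[    8.693719] clk:75:7 already disabled
[    8.693791] WARNING: CPU: 1 PID: 185 at /usr/src/kernel/drivers/clk/clk.c:1188 clk_core_disable+0xa0/0xb
[    8.694261]  clk_core_disable+0xa0/0xb4 (P)
[    8.694272]  clk_disable+0x38/0x60
[    8.694283]  cqspi_probe+0x7c8/0xc5c [spi_cadence_quadspi]
[    8.694309]  platform_probe+0x5c/0xa4
[    8.700000] ---[ end trace 0000000000000000 ]---
[    9.100000] example_clk already disabled
[    9.100100]  clk_core_disable+0xa0/0xb4 (P)
[    9.100200]  example_probe+0x10/0x20 [example_drv]
[    9.100300] ---[ end trace 0000000000000000 ]---
EOF
}

# Stand-alone run on the sample; on a real system use:
#   journalctl -k -b | cqspi_double_disable
sample_log | cqspi_double_disable
```

Any output line means the probe error path of the controller ran with runtime PM active, which on this page's account points at a missing or broken flash description in the device tree.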

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves ensuring that the device tree (DT) descriptions for the flashes attached to the cadence-quadspi controller are complete and correct.

This vulnerability arises due to missing or broken DT descriptions causing duplicate clock disables during error handling in the probe function.

If possible, update the Linux kernel to a version that includes the fix which refactors the parsing of flash descriptions to the controller property parsing stage, avoiding the problematic runtime PM disable sequence.

As a temporary workaround, monitor for the warning messages and avoid triggering error paths in the probe function that lead to pm_runtime_disable() calls.

