CVE-2025-38633 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-38633 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabled while responding to getting -EPROBE_DEFER when requesting a reset controller. The needed clock (CLK_DMA, along with its parents) had already been enabled. To respond to the probe deferral return, the CLK_DMA clock was disabled, and this led to parent clocks also reducing their enable count. When the enable count for pll1_d8 was decremented it became 0, which caused it to be disabled. This led to a system hang. Marking that clock critical resolves this by preventing it from being disabled. Define a new macro CCU_FACTOR_GATE_DEFINE() to allow clock flags to be supplied for a CCU_FACTOR_GATE clock.

EPSS 0.02% · 5.2th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

5.2th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	1b72c59db0add8e47fa116b21f78ed0b09a264f3, 1b72c59db0add8e47fa116b21f78ed0b09a264f3, 6.16
linux	linux_kernel	6.16, 6.16, 6.16

Timeline

Jan 21, 1970 Security Advisory
Aug 22, 2025 Coalition ESS Score
Aug 22, 2025 CVE Published
Aug 23, 2025 EPSS Score
Aug 26, 2025 Coalition ESS Score
Aug 30, 2025 EPSS Score
Sep 7, 2025 EPSS Score
Sep 14, 2025 EPSS Score
Sep 19, 2025 Coalition ESS Score
Sep 22, 2025 EPSS Score
Sep 26, 2025 Coalition ESS Score
Sep 29, 2025 EPSS Score

References

Open in Interactive Console →