VDB

CVE-2025-38633

CVE-2025-38633 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabled while responding to getting -EPROBE_DEFER when requesting a reset controller. The needed clock (CLK_DMA, along with its parents) had already been enabled. To respond to the probe deferral return, the CLK_DMA clock was disabled, and this led to parent clocks also reducing their enable count. When the enable count for pll1_d8 was decremented it became 0, which caused it to be disabled. This led to a system hang. Marking that clock critical resolves this by preventing it from being disabled. Define a new macro CCU_FACTOR_GATE_DEFINE() to allow clock flags to be supplied for a CCU_FACTOR_GATE clock.

EPSS 0.03% · 8.3th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.03%
8.3th percentile

Affected Products

VendorProductVersions
LinuxLinux6.16.1, 6.16, 0
linuxlinux_kernel6.16, 6.16, 6.16

Timeline

  • Jan 21, 1970 Security Advisory
  • Aug 22, 2025 Coalition ESS Score
  • Aug 22, 2025 CVE Published
  • Aug 23, 2025 EPSS Score
  • Aug 26, 2025 Coalition ESS Score
  • Aug 31, 2025 EPSS Score
  • Sep 8, 2025 EPSS Score
  • Sep 16, 2025 EPSS Score
  • Sep 19, 2025 Coalition ESS Score
  • Sep 24, 2025 EPSS Score
  • Sep 26, 2025 Coalition ESS Score
  • Oct 2, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›