fkie_cve-2025-38649
Vulnerability from fkie_nvd
Published
2025-08-22 16:15
Modified
2025-08-22 18:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresight_find_activated_sysfs_sink function is recursively invoked in an attempt to locate an active sink device, ultimately leading to a stack overflow and system crash. Therefore, disable the replicator1 to break the infinite loop and prevent a potential stack overflow. replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out | | replicator1_in replicator_swao_in | | replicator0_out1 replicator_swao_out0 | | replicator0_in funnel_in1_in3 | | tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out [call trace] dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 dump_stack+0x18/0x28 panic+0x340/0x3b0 nmi_panic+0x94/0xa0 panic_bad_stack+0x114/0x138 handle_bad_stack+0x34/0xb8 __bad_stack+0x78/0x80 coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] ... coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_enable_sysfs+0x80/0x2a0 [coresight] side effect after the change: Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fbe5be7893b8c7f58c999a26839cd30bc07654c6
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight\n\nAn infinite loop has been created by the Coresight devices. When only a\nsource device is enabled, the coresight_find_activated_sysfs_sink function\nis recursively invoked in an attempt to locate an active sink device,\nultimately leading to a stack overflow and system crash. Therefore, disable\nthe replicator1 to break the infinite loop and prevent a potential stack\noverflow.\n\nreplicator1_out   -\u003e   funnel_swao_in6   -\u003e   tmc_etf_swao_in   -\u003e  tmc_etf_swao_out\n     |                                                                     |\nreplicator1_in                                                     replicator_swao_in\n     |                                                                     |\nreplicator0_out1                                                   replicator_swao_out0\n     |                                                                     |\nreplicator0_in                                                     funnel_in1_in3\n     |                                                                     |\ntmc_etf_out \u003c- tmc_etf_in \u003c- funnel_merg_out \u003c- funnel_merg_in1 \u003c- funnel_in1_out\n\n[call trace]\n   dump_backtrace+0x9c/0x128\n   show_stack+0x20/0x38\n   dump_stack_lvl+0x48/0x60\n   dump_stack+0x18/0x28\n   panic+0x340/0x3b0\n   nmi_panic+0x94/0xa0\n   panic_bad_stack+0x114/0x138\n   handle_bad_stack+0x34/0xb8\n   __bad_stack+0x78/0x80\n   coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   ...\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_enable_sysfs+0x80/0x2a0 [coresight]\n\nside effect after the change:\nOnly trace data originating from AOSS can reach the ETF_SWAO and EUD sinks."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: dts: qcom: qcs615: se corrige un problema de bloqueo causado por un bucle infinito para Coresight. Los dispositivos Coresight han creado un bucle infinito. Cuando solo se habilita un dispositivo de origen, la funci\u00f3n coresight_find_activated_sysfs_sink se invoca recursivamente para intentar localizar un dispositivo receptor activo, lo que finalmente provoca un desbordamiento de pila y un bloqueo del sistema. Por lo tanto, deshabilite replicator1 para romper el bucle infinito y evitar un posible desbordamiento de pila. replicator1_out -\u0026gt; funnel_swao_in6 -\u0026gt; tmc_etf_swao_in -\u0026gt; tmc_etf_swao_out | | replicator1_in replicator_swao_in | | replicator0_out1 replicator_swao_out0 | | replicator0_in funnel_in1_in3 | | tmc_etf_out \u0026lt;- tmc_etf_in \u0026lt;- funnel_merg_out \u0026lt;- funnel_merg_in1 \u0026lt;- funnel_in1_out [rastreo de llamadas] dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 dump_stack+0x18/0x28 panic+0x340/0x3b0 nmi_panic+0x94/0xa0 panic_bad_stack+0x114/0x138 handle_bad_stack+0x34/0xb8 __bad_stack+0x78/0x80 coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight] efecto secundario despu\u00e9s del cambio: Solo los datos de seguimiento originados desde AOSS pueden alcanzar los receptores ETF_SWAO y EUD."
    }
  ],
  "id": "CVE-2025-38649",
  "lastModified": "2025-08-22T18:08:51.663",
  "metrics": {},
  "published": "2025-08-22T16:15:39.617",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fbe5be7893b8c7f58c999a26839cd30bc07654c6"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.