ghsa-c8h7-f9cr-785x
Vulnerability from github
Published
2025-12-16 15:30
Modified
2025-12-16 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: arm: scmi: Fix genpd leak on provider registration failure

If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak and potential kernel crash later in genpd_debug_add().

Add proper error handling to unwind the initialized domains before returning from probe to ensure all resources are correctly released on failure.

Example crash trace observed without this fix:

| Unable to handle kernel paging request at virtual address fffffffffffffc70 | CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.18.0-rc1 #405 PREEMPT | Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : genpd_debug_add+0x2c/0x160 | lr : genpd_debug_init+0x74/0x98 | Call trace: | genpd_debug_add+0x2c/0x160 (P) | genpd_debug_init+0x74/0x98 | do_one_initcall+0xd0/0x2d8 | do_initcall_level+0xa0/0x140 | do_initcalls+0x60/0xa8 | do_basic_setup+0x28/0x40 | kernel_init_freeable+0xe8/0x170 | kernel_init+0x2c/0x140 | ret_from_fork+0x10/0x20

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-68204"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T14:15:53Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: arm: scmi: Fix genpd leak on provider registration failure\n\nIf of_genpd_add_provider_onecell() fails during probe, the previously\ncreated generic power domains are not removed, leading to a memory leak\nand potential kernel crash later in genpd_debug_add().\n\nAdd proper error handling to unwind the initialized domains before\nreturning from probe to ensure all resources are correctly released on\nfailure.\n\nExample crash trace observed without this fix:\n\n  | Unable to handle kernel paging request at virtual address fffffffffffffc70\n  | CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.18.0-rc1 #405 PREEMPT\n  | Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform\n  | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  | pc : genpd_debug_add+0x2c/0x160\n  | lr : genpd_debug_init+0x74/0x98\n  | Call trace:\n  |  genpd_debug_add+0x2c/0x160 (P)\n  |  genpd_debug_init+0x74/0x98\n  |  do_one_initcall+0xd0/0x2d8\n  |  do_initcall_level+0xa0/0x140\n  |  do_initcalls+0x60/0xa8\n  |  do_basic_setup+0x28/0x40\n  |  kernel_init_freeable+0xe8/0x170\n  |  kernel_init+0x2c/0x140\n  |  ret_from_fork+0x10/0x20",
  "id": "GHSA-c8h7-f9cr-785x",
  "modified": "2025-12-16T15:30:45Z",
  "published": "2025-12-16T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68204"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18249a167ffd91b4b4fbd92afd4ddcbf3af81f35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/582f48d22eb5676fe7be3589b986ddd29f7bf4d1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7458f72cc28f9eb0de811effcb5376d0ec19094a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f569197f7ad09319af960bd7e43109de5c67c04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/921b090841ae7a08b19ab14495bdf8636dc31e21"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/983e91da82ec3e331600108f9be3ea61236f5c75"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad120c08b89a81d41d091490bbe150343473b659"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6e11d320fd6cbaef6d589f2fcb45aa25a6b960a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.