ghsa-jm3q-7w4m-jc2w
Vulnerability from github
Published
2025-08-22 18:31
Modified
2025-08-28 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: pnv_php: Fix surprise plug detection and recovery

The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices.

This comes down to two issues:

1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from the bridge hotplug notification logic will not be received by the kernel, stalling all plug events on all slots associated with the PE.

2) When a device is removed from a slot, regardless of surprise or programmatic removal, the associated PHB/PE ls left frozen. If this freeze is not cleared via a fundamental reset, skiboot is unable to clear the freeze and cannot retrain / rescan the slot. This also requires a reboot to clear the freeze and redetect the device in the slot.

Issue the appropriate unfreeze and rescan commands on hotplug events, and don't oops on hotplug if pci_bus_to_OF_node() returns NULL.

[bhelgaas: tidy comments]

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-38623"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T16:15:35Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Fix surprise plug detection and recovery\n\nThe existing PowerNV hotplug code did not handle surprise plug events\ncorrectly, leading to a complete failure of the hotplug system after device\nremoval and a required reboot to detect new devices.\n\nThis comes down to two issues:\n\n 1) When a device is surprise removed, often the bridge upstream\n    port will cause a PE freeze on the PHB.  If this freeze is not\n    cleared, the MSI interrupts from the bridge hotplug notification\n    logic will not be received by the kernel, stalling all plug events\n    on all slots associated with the PE.\n\n 2) When a device is removed from a slot, regardless of surprise or\n    programmatic removal, the associated PHB/PE ls left frozen.\n    If this freeze is not cleared via a fundamental reset, skiboot\n    is unable to clear the freeze and cannot retrain / rescan the\n    slot.  This also requires a reboot to clear the freeze and redetect\n    the device in the slot.\n\nIssue the appropriate unfreeze and rescan commands on hotplug events,\nand don\u0027t oops on hotplug if pci_bus_to_OF_node() returns NULL.\n\n[bhelgaas: tidy comments]",
  "id": "GHSA-jm3q-7w4m-jc2w",
  "modified": "2025-08-28T15:30:39Z",
  "published": "2025-08-22T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38623"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d2f63680c5719a5da92639e981c6c9a87fcee08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ec8ec57bb8ebde3e2a015eff80e5d66e6634fe3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/473999ba937eac9776be791deed7c84a21d7880b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/48c6935a34981bb56f35be0774ec1f30c6e386f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e7b24c71e530a6c1d656e73d8a30ee081656844"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e7b5f922901585b8f11e0d6cda12bda5c59fc8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78d20b8c13075eae3d884c21db7a09a6bbdda5b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2a2a6fc2469524caa713036297c542746d148dc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.