ghsa-jx3q-xcpc-36h3
Vulnerability from github
Published
2025-09-05 18:31
Modified
2025-09-05 18:31
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: fix panic due to PSLVERR

When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled.

In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FIFO via serial_out(p, UART_FCR, p->fcr). Execution proceeds to the serial_port_in(port, UART_RX). This satisfies the PSLVERR trigger condition.

When another CPU (e.g., using printk()) is accessing the UART (UART is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) == (lcr & ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter dw8250_force_idle().

Put serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port->lock to fix this issue.

Panic backtrace: [ 0.442336] Oops - unknown exception [#1] [ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a [ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e ... [ 0.442416] console_on_rootfs+0x26/0x70

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-39724"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-05T18:15:50Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[    0.442336] Oops - unknown exception [#1]\n[    0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[    0.442351]  ra : serial8250_do_startup+0x2c8/0x88e\n...\n[    0.442416] console_on_rootfs+0x26/0x70",
  "id": "GHSA-jx3q-xcpc-36h3",
  "modified": "2025-09-05T18:31:27Z",
  "published": "2025-09-05T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39724"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b882f00655afefbc7729c6b5aec86f7a5473a3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38c0ea484dedb58cb3a4391229933e16be0d1031"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68c4613e89f000e8198f9ace643082c697921c9f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f8fdd4dbffc05982b96caf586f77a014b2a9353"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e2739478c164147d0774802008528d9e03fb802"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8ca8e3f75ede308b4d49a6ca5081460be01bdb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c826943abf473a3f7260fbadfad65e44db475460"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb7b3633ed749db8e56f475f43c960652cbd6882"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.