ghsa-qqwv-fwgc-v6cp
Vulnerability from github
Published
2025-08-22 18:31
Modified
2025-08-22 18:31
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight

An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresight_find_activated_sysfs_sink function is recursively invoked in an attempt to locate an active sink device, ultimately leading to a stack overflow and system crash. Therefore, disable the replicator1 to break the infinite loop and prevent a potential stack overflow.

replicator1_out   ->   funnel_swao_in6   ->   tmc_etf_swao_in   ->  tmc_etf_swao_out
     |                                                                     |
replicator1_in                                                     replicator_swao_in
     |                                                                     |
replicator0_out1                                                   replicator_swao_out0
     |                                                                     |
replicator0_in                                                     funnel_in1_in3
     |                                                                     |
tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out

[call trace]
   dump_backtrace+0x9c/0x128
   show_stack+0x20/0x38
   dump_stack_lvl+0x48/0x60
   dump_stack+0x18/0x28
   panic+0x340/0x3b0
   nmi_panic+0x94/0xa0
   panic_bad_stack+0x114/0x138
   handle_bad_stack+0x34/0xb8
   __bad_stack+0x78/0x80
   coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   ...
   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
   coresight_enable_sysfs+0x80/0x2a0 [coresight]

side effect after the change: Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
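The recursion described above, modelled as an added example (not the kernel's coresight code and not part of the advisory): the device names follow the diagram, each node is given a single output for brevity, and a depth budget stands in for the kernel stack that overflows in the real crash.

```c
/* Added model of the Coresight loop from the advisory: a recursive sink search
 * with no cycle tracking never returns when no sink is activated; disabling
 * replicator1 (the fix) breaks the loop. Names and the `budget` stand-in for
 * stack depth are simplifications, not the kernel's coresight code. */
#include <stdbool.h>
#define NDEV 8
struct cs_dev {
    const char *name;
    bool is_sink;   /* ETF-style sink */
    bool activated; /* sink enabled through sysfs */
    bool present;   /* still in the DT graph; false once disabled by the fix */
    int out;        /* index of the downstream device */
};
/* Device-level cycle read off the advisory's diagram (constructed data). */
static struct cs_dev devs[NDEV] = {
    {"replicator0",     false, false, true, 1},
    {"replicator1",     false, false, true, 2},
    {"funnel_swao",     false, false, true, 3},
    {"tmc_etf_swao",    true,  false, true, 4},
    {"replicator_swao", false, false, true, 5},
    {"funnel_in1",      false, false, true, 6},
    {"funnel_merg",     false, false, true, 7},
    {"tmc_etf",         true,  false, true, 0}, /* back edge closes the loop */
};
/* The buggy shape: recurse into every output with no visited set. Returns the
 * sink index, -1 if no activated sink, -2 once `budget` (the stack) runs out. */
static int find_sink_naive(int i, int budget)
{
    if (budget == 0) return -2;
    if (devs[i].is_sink && devs[i].activated) return i;
    int j = devs[i].out;
    if (!devs[j].present) return -1;        /* downstream node is disabled */
    return find_sink_naive(j, budget - 1);
}
/* Same search with a visited set: terminates on any graph, cyclic or not. */
static int find_sink_visited(int i, bool seen[NDEV])
{
    if (seen[i]) return -1;
    seen[i] = true;
    if (devs[i].is_sink && devs[i].activated) return i;
    return devs[devs[i].out].present ? find_sink_visited(devs[i].out, seen) : -1;
}
/* Advisory scenario: only the source is enabled, so the search that starts at
 * replicator0 finds no activated sink. Toggle replicator1 like the DT fix does. */
int naive_search(bool replicator1_present)
{
    devs[1].present = replicator1_present;
    return find_sink_naive(0, 1000);        /* true -> -2 (overflow), false -> -1 */
}
int visited_search(void) { bool seen[NDEV] = {false}; return find_sink_visited(0, seen); }
```

With replicator1 present and no sink activated the naive walk only stops when the budget is gone, which is the stack overflow in the call trace; with replicator1 disabled it stops at the first missing node, matching the side effect noted above.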



{
  "affected": [],
  "aliases": [
    "CVE-2025-38649"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T16:15:39Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight\n\nAn infinite loop has been created by the Coresight devices. When only a\nsource device is enabled, the coresight_find_activated_sysfs_sink function\nis recursively invoked in an attempt to locate an active sink device,\nultimately leading to a stack overflow and system crash. Therefore, disable\nthe replicator1 to break the infinite loop and prevent a potential stack\noverflow.\n\nreplicator1_out   -\u003e   funnel_swao_in6   -\u003e   tmc_etf_swao_in   -\u003e  tmc_etf_swao_out\n     |                                                                     |\nreplicator1_in                                                     replicator_swao_in\n     |                                                                     |\nreplicator0_out1                                                   replicator_swao_out0\n     |                                                                     |\nreplicator0_in                                                     funnel_in1_in3\n     |                                                                     |\ntmc_etf_out \u003c- tmc_etf_in \u003c- funnel_merg_out \u003c- funnel_merg_in1 \u003c- funnel_in1_out\n\n[call trace]\n   dump_backtrace+0x9c/0x128\n   show_stack+0x20/0x38\n   dump_stack_lvl+0x48/0x60\n   dump_stack+0x18/0x28\n   panic+0x340/0x3b0\n   nmi_panic+0x94/0xa0\n   panic_bad_stack+0x114/0x138\n   handle_bad_stack+0x34/0xb8\n   __bad_stack+0x78/0x80\n   coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   ...\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_enable_sysfs+0x80/0x2a0 [coresight]\n\nside effect after the change:\nOnly trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.",
  "id": "GHSA-qqwv-fwgc-v6cp",
  "modified": "2025-08-22T18:31:22Z",
  "published": "2025-08-22T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38649"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fbe5be7893b8c7f58c999a26839cd30bc07654c6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

