ghsa-wqc8-4945-8xxr
Vulnerability from github
Published
2025-11-09 06:30
Modified
2025-11-09 06:30
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: qcom-geni: Fix blocked task

Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms") because the first one causes regression - hang task on Qualcomm RB1 board (QRB2210) and unable to use serial at all during normal boot:

INFO: task kworker/u16:0:12 blocked for more than 42 seconds. Not tainted 6.17.0-rc1-00004-g53e760d89498 #9 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack:0 pid:12 tgid:12 ppid:2 task_flags:0x4208060 flags:0x00000010 Workqueue: async async_run_entry_fn Call trace: __switch_to+0xe8/0x1a0 (T) __schedule+0x290/0x7c0 schedule+0x34/0x118 rpm_resume+0x14c/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c __pm_runtime_resume+0x50/0x9c __driver_probe_device+0x58/0x120 driver_probe_device+0x3c/0x154 __driver_attach_async_helper+0x4c/0xc0 async_run_entry_fn+0x34/0xe0 process_one_work+0x148/0x290 worker_thread+0x2c4/0x3e0 kthread+0x118/0x1c0 ret_from_fork+0x10/0x20

The issue was reported on 12th of August and was ignored by author of commits introducing issue for two weeks. Only after complaining author produced a fix which did not work, so if original commits cannot be reliably fixed for 5 weeks, they obviously are buggy and need to be dropped.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-40108"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-09T05:15:35Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: qcom-geni: Fix blocked task\n\nRevert commit 1afa70632c39 (\"serial: qcom-geni: Enable PM runtime for\nserial driver\") and its dependent commit 86fa39dd6fb7 (\"serial:\nqcom-geni: Enable Serial on SA8255p Qualcomm platforms\") because the\nfirst one causes regression - hang task on Qualcomm RB1 board (QRB2210)\nand unable to use serial at all during normal boot:\n\n  INFO: task kworker/u16:0:12 blocked for more than 42 seconds.\n        Not tainted 6.17.0-rc1-00004-g53e760d89498 #9\n  \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n  task:kworker/u16:0   state:D stack:0     pid:12    tgid:12    ppid:2      task_flags:0x4208060 flags:0x00000010\n  Workqueue: async async_run_entry_fn\n  Call trace:\n   __switch_to+0xe8/0x1a0 (T)\n   __schedule+0x290/0x7c0\n   schedule+0x34/0x118\n   rpm_resume+0x14c/0x66c\n   rpm_resume+0x2a4/0x66c\n   rpm_resume+0x2a4/0x66c\n   rpm_resume+0x2a4/0x66c\n   __pm_runtime_resume+0x50/0x9c\n   __driver_probe_device+0x58/0x120\n   driver_probe_device+0x3c/0x154\n   __driver_attach_async_helper+0x4c/0xc0\n   async_run_entry_fn+0x34/0xe0\n   process_one_work+0x148/0x290\n   worker_thread+0x2c4/0x3e0\n   kthread+0x118/0x1c0\n   ret_from_fork+0x10/0x20\n\nThe issue was reported on 12th of August and was ignored by author of\ncommits introducing issue for two weeks.  Only after complaining author\nproduced a fix which did not work, so if original commits cannot be\nreliably fixed for 5 weeks, they obviously are buggy and need to be\ndropped.",
  "id": "GHSA-wqc8-4945-8xxr",
  "modified": "2025-11-09T06:30:24Z",
  "published": "2025-11-09T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40108"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e810d81769e16637bcd845ba37fbc1eba5d4bd2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a699213d4e6ef4286348c6439837990f121e0c03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.