ghsa-wx79-2q2c-86qm
Vulnerability from github
Published
2025-09-23 21:30
Modified
2025-09-23 21:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: ipq8074: fix PCI-E clock oops

Fix PCI-E clock related kernel oops that are caused by a missing clock parent.

pcie0_rchng_clk_src has num_parents set to 2 but only one parent is actually set via parent_hws, it should also have "XO" defined. This will cause the kernel to panic on a NULL pointer in clk_core_get_parent_by_index().

So, to fix this utilize clk_parent_data to provide gcc_xo_gpll0 parent data. Since there is already an existing static const char * const gcc_xo_gpll0[] used to provide the same parents via parent_names convert those users to clk_parent_data as well.

Without this earlycon is needed to even catch the OOPS as it will reset the board before serial is initialized with the following:

[ 0.232279] Unable to handle kernel paging request at virtual address 0000a00000000000 [ 0.232322] Mem abort info: [ 0.239094] ESR = 0x96000004 [ 0.241778] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.244908] SET = 0, FnV = 0 [ 0.250377] EA = 0, S1PTW = 0 [ 0.253236] FSC = 0x04: level 0 translation fault [ 0.256277] Data abort info: [ 0.261141] ISV = 0, ISS = 0x00000004 [ 0.264262] CM = 0, WnR = 0 [ 0.267820] [0000a00000000000] address between user and kernel address ranges [ 0.270954] Internal error: Oops: 96000004 [#1] SMP [ 0.278067] Modules linked in: [ 0.282751] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.15.10 #0 [ 0.285882] Hardware name: Xiaomi AX3600 (DT) [ 0.292043] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.296299] pc : clk_core_get_parent_by_index+0x68/0xec [ 0.303067] lr : __clk_register+0x1d8/0x820 [ 0.308273] sp : ffffffc01111b7d0 [ 0.312438] x29: ffffffc01111b7d0 x28: 0000000000000000 x27: 0000000000000040 [ 0.315919] x26: 0000000000000002 x25: 0000000000000000 x24: ffffff8000308800 [ 0.323037] x23: ffffff8000308850 x22: ffffff8000308880 x21: ffffff8000308828 [ 0.330155] x20: 0000000000000028 x19: ffffff8000309700 x18: 0000000000000020 [ 0.337272] x17: 000000005cc86990 x16: 0000000000000004 x15: ffffff80001d9d0a [ 0.344391] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000006 [ 0.351508] x11: 0000000000000003 x10: 0101010101010101 x9 : 0000000000000000 [ 0.358626] x8 : 7f7f7f7f7f7f7f7f x7 : 6468626f5e626266 x6 : 17000a3a403c1b06 [ 0.365744] x5 : 061b3c403a0a0017 x4 : 0000000000000000 x3 : 0000000000000001 [ 0.372863] x2 : 0000a00000000000 x1 : 0000000000000001 x0 : ffffff8000309700 [ 0.379982] Call trace: [ 0.387091] clk_core_get_parent_by_index+0x68/0xec [ 0.389351] __clk_register+0x1d8/0x820 [ 0.394210] devm_clk_hw_register+0x5c/0xe0 [ 0.398030] devm_clk_register_regmap+0x44/0x8c [ 0.402198] qcom_cc_really_probe+0x17c/0x1d0 [ 0.406711] qcom_cc_probe+0x34/0x44 [ 0.411224] gcc_ipq8074_probe+0x18/0x30 [ 0.414869] platform_probe+0x68/0xe0 [ 0.418776] really_probe.part.0+0x9c/0x30c [ 0.422336] __driver_probe_device+0x98/0x144 [ 0.426329] driver_probe_device+0x44/0x11c [ 0.430842] __device_attach_driver+0xb4/0x120 [ 0.434836] bus_for_each_drv+0x68/0xb0 [ 0.439349] __device_attach+0xb0/0x170 [ 0.443081] device_initial_probe+0x14/0x20 [ 0.446901] bus_probe_device+0x9c/0xa4 [ 0.451067] device_add+0x35c/0x834 [ 0.454886] of_device_add+0x54/0x64 [ 0.458360] of_platform_device_create_pdata+0xc0/0x100 [ 0.462181] of_platform_bus_create+0x114/0x370 [ 0.467128] of_platform_bus_create+0x15c/0x370 [ 0.471641] of_platform_populate+0x50/0xcc [ 0.476155] of_platform_default_populate_init+0xa8/0xc8 [ 0.480324] do_one_initcall+0x50/0x1b0 [ 0.485877] kernel_init_freeable+0x234/0x29c [ 0.489436] kernel_init+0x24/0x120 [ 0.493948] ret_from_fork+0x10/0x20 [ 0.497253] Code: d50323bf d65f03c0 f94002a2 b4000302 (f9400042) [ 0.501079] ---[ end trace 4ca7e1129da2abce ]---

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-47647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T06:37:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: ipq8074: fix PCI-E clock oops\n\nFix PCI-E clock related kernel oops that are caused by a missing clock\nparent.\n\npcie0_rchng_clk_src has num_parents set to 2 but only one parent is\nactually set via parent_hws, it should also have \"XO\" defined.\nThis will cause the kernel to panic on a NULL pointer in\nclk_core_get_parent_by_index().\n\nSo, to fix this utilize clk_parent_data to provide gcc_xo_gpll0 parent\ndata.\nSince there is already an existing static const char * const gcc_xo_gpll0[]\nused to provide the same parents via parent_names convert those users to\nclk_parent_data as well.\n\nWithout this earlycon is needed to even catch the OOPS as it will reset\nthe board before serial is initialized with the following:\n\n[    0.232279] Unable to handle kernel paging request at virtual address 0000a00000000000\n[    0.232322] Mem abort info:\n[    0.239094]   ESR = 0x96000004\n[    0.241778]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    0.244908]   SET = 0, FnV = 0\n[    0.250377]   EA = 0, S1PTW = 0\n[    0.253236]   FSC = 0x04: level 0 translation fault\n[    0.256277] Data abort info:\n[    0.261141]   ISV = 0, ISS = 0x00000004\n[    0.264262]   CM = 0, WnR = 0\n[    0.267820] [0000a00000000000] address between user and kernel address ranges\n[    0.270954] Internal error: Oops: 96000004 [#1] SMP\n[    0.278067] Modules linked in:\n[    0.282751] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.15.10 #0\n[    0.285882] Hardware name: Xiaomi AX3600 (DT)\n[    0.292043] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    0.296299] pc : clk_core_get_parent_by_index+0x68/0xec\n[    0.303067] lr : __clk_register+0x1d8/0x820\n[    0.308273] sp : ffffffc01111b7d0\n[    0.312438] x29: ffffffc01111b7d0 x28: 0000000000000000 x27: 0000000000000040\n[    0.315919] x26: 0000000000000002 x25: 0000000000000000 x24: ffffff8000308800\n[    0.323037] x23: ffffff8000308850 x22: ffffff8000308880 x21: ffffff8000308828\n[    0.330155] x20: 0000000000000028 x19: ffffff8000309700 x18: 0000000000000020\n[    0.337272] x17: 000000005cc86990 x16: 0000000000000004 x15: ffffff80001d9d0a\n[    0.344391] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000006\n[    0.351508] x11: 0000000000000003 x10: 0101010101010101 x9 : 0000000000000000\n[    0.358626] x8 : 7f7f7f7f7f7f7f7f x7 : 6468626f5e626266 x6 : 17000a3a403c1b06\n[    0.365744] x5 : 061b3c403a0a0017 x4 : 0000000000000000 x3 : 0000000000000001\n[    0.372863] x2 : 0000a00000000000 x1 : 0000000000000001 x0 : ffffff8000309700\n[    0.379982] Call trace:\n[    0.387091]  clk_core_get_parent_by_index+0x68/0xec\n[    0.389351]  __clk_register+0x1d8/0x820\n[    0.394210]  devm_clk_hw_register+0x5c/0xe0\n[    0.398030]  devm_clk_register_regmap+0x44/0x8c\n[    0.402198]  qcom_cc_really_probe+0x17c/0x1d0\n[    0.406711]  qcom_cc_probe+0x34/0x44\n[    0.411224]  gcc_ipq8074_probe+0x18/0x30\n[    0.414869]  platform_probe+0x68/0xe0\n[    0.418776]  really_probe.part.0+0x9c/0x30c\n[    0.422336]  __driver_probe_device+0x98/0x144\n[    0.426329]  driver_probe_device+0x44/0x11c\n[    0.430842]  __device_attach_driver+0xb4/0x120\n[    0.434836]  bus_for_each_drv+0x68/0xb0\n[    0.439349]  __device_attach+0xb0/0x170\n[    0.443081]  device_initial_probe+0x14/0x20\n[    0.446901]  bus_probe_device+0x9c/0xa4\n[    0.451067]  device_add+0x35c/0x834\n[    0.454886]  of_device_add+0x54/0x64\n[    0.458360]  of_platform_device_create_pdata+0xc0/0x100\n[    0.462181]  of_platform_bus_create+0x114/0x370\n[    0.467128]  of_platform_bus_create+0x15c/0x370\n[    0.471641]  of_platform_populate+0x50/0xcc\n[    0.476155]  of_platform_default_populate_init+0xa8/0xc8\n[    0.480324]  do_one_initcall+0x50/0x1b0\n[    0.485877]  kernel_init_freeable+0x234/0x29c\n[    0.489436]  kernel_init+0x24/0x120\n[    0.493948]  ret_from_fork+0x10/0x20\n[    0.497253] Code: d50323bf d65f03c0 f94002a2 b4000302 (f9400042)\n[    0.501079] ---[ end trace 4ca7e1129da2abce ]---",
  "id": "GHSA-wx79-2q2c-86qm",
  "modified": "2025-09-23T21:30:54Z",
  "published": "2025-09-23T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47647"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41e360fa73a4c2f5b78f5ded78a5375b08c206a5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a5576ad405c3c89fc9afb245c4dcc3e412b0aa9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b89c9e68a01a19a1dd689a42aa65d545e931899"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf8f5182b8f59309809b41c1d1730ed9ca6134b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d02b3d4a8c525068bc5cfb4341e0023d8eb82ace"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.