USB Handling Vulnerability in Renesas Products
CVE-2025-38136

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38136?

A vulnerability in the Linux kernel affects the USB handling for Renesas devices. Specifically, during the usbhs_probe() function, there is a risk of accessing device registers before properly enabling the necessary clocks. This leads to runtime issues, including external abort errors, particularly notable in the Renesas RZ/V2H SoC. To resolve this, the power management sequence has been reordered to ensure that clocks are activated prior to register access, thus preventing potential system crashes.

Affected Version(s)

Linux f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 < 095cc0b5888acc228f12344e85b17539b9ce9367

Linux f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 < 155453ada562c450a4ff5fcf4852b9fa5b6b793a

Linux f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 < 0a1e16a6cbf4452b46f20b862d6141a1e90844ee

References

https://git.kernel.org/stable/c/095cc0b5888acc228f12344e8...

https://git.kernel.org/stable/c/155453ada562c450a4ff5fcf4...

https://git.kernel.org/stable/c/0a1e16a6cbf4452b46f20b862...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025