Linux Kernel Vulnerability in Clock Management by Vendor
CVE-2025-38631

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38631?

A vulnerability exists in the Linux kernel's clock management for power domains. When runtime power management is enabled for clock suppliers, a synchronous external abort can occur if the device is not explicitly resumed. This can lead to crashes when accessing the BLK_CTL register, resulting in system instability. The issue can be resolved by using devm_pm_runtime_enable() for proper device management, which prevents unintended shutdowns of power domains.

Affected Version(s)

Linux 5224b189462ff70df328f173b71acfd925092c3c

Linux 5224b189462ff70df328f173b71acfd925092c3c < 9f0ee0baf25b46bb82655c687718ebb0ae1def7b

Linux 5224b189462ff70df328f173b71acfd925092c3c < 533dc3cb375cabd8a2beba293d63ef2acd3d0005

Timeline

  • Vulnerability published

  • Vulnerability Reserved
