Critical Clock Management Issue in Linux Kernel Affecting System Stability
CVE-2025-38633

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38633?

A significant vulnerability in the Linux kernel relates to improper clock management, specifically affecting the pll1_d8 clock. This clock is crucial for the operation of numerous subsystems, including the APB and AXI buses, and it was inadvertently disabled due to the mishandling of a reset controller request. Once the clock was disabled, its parent clocks reduced their enable counts, and this cascade led to system hangs. The issue was resolved by marking the pll1_d8 clock as critical, averting potential system instability.

Affected Version(s)

Linux 1b72c59db0add8e47fa116b21f78ed0b09a264f3 < 10948c00e548e9ad2ce9d765baf26dce2d9b806b

Linux 1b72c59db0add8e47fa116b21f78ed0b09a264f3 < 7554729de27daf6d54bcf8689d863bbe267828bf

Linux 6.16

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
