Infinite Loop Vulnerability in QCS615 Coresight Devices by Qualcomm

CVE-2025-38649

What is CVE-2025-38649?

A vulnerability in the QCS615 Coresight devices leads to an infinite loop situation when a source device is enabled. This causes the coresight_find_activated_sysfs_sink function to be recursively invoked, ultimately resulting in a stack overflow and potential system crash. The issue arises when attempting to find an active sink device, which does not exist, thereby requiring intervention to prevent catastrophic failures. Mitigating the situation involves disabling the replicator1 to interrupt the infinite loop, ensuring stability and preventing crashes. Notably, this change restricts the trace data reaching the ETF_SWAO and EUD sinks to only data generated by AOSS.

References