UFS Power Management Flaw in Linux Kernel Affecting Qualcomm Devices
CVE-2025-68236

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor

CVE Published: 16 December 2025

What is CVE-2025-68236?

A vulnerability has been identified in the Linux kernel's implementation of UFS (Universal Flash Storage) power management, specifically within the Qualcomm UFS controller. During the power shutdown sequence for UFS devices, the device firmware may trigger an excessive current draw that interacts improperly with the regulators. This can lead to overcurrent protection (OCP) faults if the power management sequence is not properly timed. To mitigate this issue, a delay of 10 milliseconds is introduced after the hardware reset assertion, ensuring that the power rails remain active until the reset routine completes. This fix aims to enhance the stability and reliability of UFS devices during shutdown procedures.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5127be409c6c3815c4a7d8f6d88043e44f9b9543

Linux 6.17.10 <= 6.17.*

Timeline

  • Vulnerability published

  • Vulnerability Reserved
