{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38649", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.030Z", "datePublished": "2025-08-22T16:00:53.731Z", "dateUpdated": "2026-05-11T21:32:18.211Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:32:18.211Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight\n\nAn infinite loop has been created by the Coresight devices. When only a\nsource device is enabled, the coresight_find_activated_sysfs_sink function\nis recursively invoked in an attempt to locate an active sink device,\nultimately leading to a stack overflow and system crash. Therefore, disable\nthe replicator1 to break the infinite loop and prevent a potential stack\noverflow.\n\nreplicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out\n | |\nreplicator1_in replicator_swao_in\n | |\nreplicator0_out1 replicator_swao_out0\n | |\nreplicator0_in funnel_in1_in3\n | |\ntmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out\n\n[call trace]\n dump_backtrace+0x9c/0x128\n show_stack+0x20/0x38\n dump_stack_lvl+0x48/0x60\n dump_stack+0x18/0x28\n panic+0x340/0x3b0\n nmi_panic+0x94/0xa0\n panic_bad_stack+0x114/0x138\n handle_bad_stack+0x34/0xb8\n __bad_stack+0x78/0x80\n coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n ...\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_enable_sysfs+0x80/0x2a0 [coresight]\n\nside effect after the change:\nOnly trace data originating from AOSS can reach the ETF_SWAO and EUD sinks."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/boot/dts/qcom/qcs615.dtsi"], "versions": [{"version": "bf469630552a3950d0370dd5fd1f9bf0145d09d5", "lessThan": "a9aaadcb0a6ce0c19616c46525112bc947c6f2b1", "status": "affected", "versionType": "git"}, {"version": "bf469630552a3950d0370dd5fd1f9bf0145d09d5", "lessThan": "fbe5be7893b8c7f58c999a26839cd30bc07654c6", "status": "affected", "versionType": "git"}, {"version": "bf469630552a3950d0370dd5fd1f9bf0145d09d5", "lessThan": "bd4f35786d5f0798cc1f8c187a81a7c998e6c58f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/boot/dts/qcom/qcs615.dtsi"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.10", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.1", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.15.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.16.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1"}, {"url": "https://git.kernel.org/stable/c/fbe5be7893b8c7f58c999a26839cd30bc07654c6"}, {"url": "https://git.kernel.org/stable/c/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f"}], "title": "arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "70478C0C-058C-4CC8-99CB-6F578E74194C", "versionEndExcluding": "6.15.10", "versionStartIncluding": "6.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58182352-D7DF-4CC9-841E-03C1D852C3FB", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight\n\nAn infinite loop has been created by the Coresight devices. When only a\nsource device is enabled, the coresight_find_activated_sysfs_sink function\nis recursively invoked in an attempt to locate an active sink device,\nultimately leading to a stack overflow and system crash. Therefore, disable\nthe replicator1 to break the infinite loop and prevent a potential stack\noverflow.\n\nreplicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out\n | |\nreplicator1_in replicator_swao_in\n | |\nreplicator0_out1 replicator_swao_out0\n | |\nreplicator0_in funnel_in1_in3\n | |\ntmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out\n\n[call trace]\n dump_backtrace+0x9c/0x128\n show_stack+0x20/0x38\n dump_stack_lvl+0x48/0x60\n dump_stack+0x18/0x28\n panic+0x340/0x3b0\n nmi_panic+0x94/0xa0\n panic_bad_stack+0x114/0x138\n handle_bad_stack+0x34/0xb8\n __bad_stack+0x78/0x80\n coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n ...\n coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n coresight_enable_sysfs+0x80/0x2a0 [coresight]\n\nside effect after the change:\nOnly trace data originating from AOSS can reach the ETF_SWAO and EUD sinks."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: dts: qcom: qcs615: se corrige un problema de bloqueo causado por un bucle infinito para Coresight. Los dispositivos Coresight han creado un bucle infinito. Cuando solo se habilita un dispositivo de origen, la funci\u00f3n coresight_find_activated_sysfs_sink se invoca recursivamente para intentar localizar un dispositivo receptor activo, lo que finalmente provoca un desbordamiento de pila y un bloqueo del sistema. Por lo tanto, deshabilite replicator1 para romper el bucle infinito y evitar un posible desbordamiento de pila. replicator1_out -&gt; funnel_swao_in6 -&gt; tmc_etf_swao_in -&gt; tmc_etf_swao_out | | replicator1_in replicator_swao_in | | replicator0_out1 replicator_swao_out0 | | replicator0_in funnel_in1_in3 | | tmc_etf_out &lt;- tmc_etf_in &lt;- funnel_merg_out &lt;- funnel_merg_in1 &lt;- funnel_in1_out [rastreo de llamadas] dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 dump_stack+0x18/0x28 panic+0x340/0x3b0 nmi_panic+0x94/0xa0 panic_bad_stack+0x114/0x138 handle_bad_stack+0x34/0xb8 __bad_stack+0x78/0x80 coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight] efecto secundario despu\u00e9s del cambio: Solo los datos de seguimiento originados desde AOSS pueden alcanzar los receptores ETF_SWAO y EUD."}], "id": "CVE-2025-38649", "lastModified": "2025-11-26T16:27:46.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-22T16:15:39.617", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fbe5be7893b8c7f58c999a26839cd30bc07654c6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight", "id": "2390366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390366"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\narm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight\nAn infinite loop has been created by the Coresight devices. When only a\nsource device is enabled, the coresight_find_activated_sysfs_sink function\nis recursively invoked in an attempt to locate an active sink device,\nultimately leading to a stack overflow and system crash. Therefore, disable\nthe replicator1 to break the infinite loop and prevent a potential stack\noverflow.\nreplicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out\n| |\nreplicator1_in replicator_swao_in\n| |\nreplicator0_out1 replicator_swao_out0\n| |\nreplicator0_in funnel_in1_in3\n| |\ntmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out\n[call trace]\ndump_backtrace+0x9c/0x128\nshow_stack+0x20/0x38\ndump_stack_lvl+0x48/0x60\ndump_stack+0x18/0x28\npanic+0x340/0x3b0\nnmi_panic+0x94/0xa0\npanic_bad_stack+0x114/0x138\nhandle_bad_stack+0x34/0xb8\n__bad_stack+0x78/0x80\ncoresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]\ncoresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\ncoresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\ncoresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\ncoresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n...\ncoresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\ncoresight_enable_sysfs+0x80/0x2a0 [coresight]\nside effect after the change:\nOnly trace data originating from AOSS can reach the ETF_SWAO and EUD sinks."], "name": "CVE-2025-38649", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38649\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38649\nhttps://lore.kernel.org/linux-cve-announce/2025082236-CVE-2025-38649-9023@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-08-23T10:55:18.871013+00:00", "updated": "2025-08-23T10:55:18.871101+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}