CVE-2025-38623

{"id": "CVE-2025-38623", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-08-22T16:15:35.760", "references": [{"url": "https://git.kernel.org/stable/c/1d2f63680c5719a5da92639e981c6c9a87fcee08", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2ec8ec57bb8ebde3e2a015eff80e5d66e6634fe3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/473999ba937eac9776be791deed7c84a21d7880b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/48c6935a34981bb56f35be0774ec1f30c6e386f8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6e7b24c71e530a6c1d656e73d8a30ee081656844", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6e7b5f922901585b8f11e0d6cda12bda5c59fc8a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/78d20b8c13075eae3d884c21db7a09a6bbdda5b2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a2a2a6fc2469524caa713036297c542746d148dc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Fix surprise plug detection and recovery\n\nThe existing PowerNV hotplug code did not handle surprise plug events\ncorrectly, leading to a complete failure of the hotplug system after device\nremoval and a required reboot to detect new devices.\n\nThis comes down to two issues:\n\n 1) When a device is surprise removed, often the bridge upstream\n port will cause a PE freeze on the PHB. If this freeze is not\n cleared, the MSI interrupts from the bridge hotplug notification\n logic will not be received by the kernel, stalling all plug events\n on all slots associated with the PE.\n\n 2) When a device is removed from a slot, regardless of surprise or\n programmatic removal, the associated PHB/PE ls left frozen.\n If this freeze is not cleared via a fundamental reset, skiboot\n is unable to clear the freeze and cannot retrain / rescan the\n slot. This also requires a reboot to clear the freeze and redetect\n the device in the slot.\n\nIssue the appropriate unfreeze and rescan commands on hotplug events,\nand don't oops on hotplug if pci_bus_to_OF_node() returns NULL.\n\n[bhelgaas: tidy comments]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: pnv_php: Arreglar la detecci\u00f3n y recuperaci\u00f3n de conexiones sorpresivas El c\u00f3digo de conexi\u00f3n en caliente PowerNV existente no manejaba correctamente los eventos de conexi\u00f3n sorpresiva, lo que provocaba un fallo completo del sistema de conexi\u00f3n en caliente tras la extracci\u00f3n del dispositivo y un reinicio necesario para detectar nuevos dispositivos. Esto se reduce a dos problemas: 1) Cuando se extrae un dispositivo por sorpresa, a menudo el puerto ascendente del puente provocar\u00e1 una congelaci\u00f3n del PE en el PHB. Si esta congelaci\u00f3n no se elimina, el kernel no recibir\u00e1 las interrupciones MSI de la l\u00f3gica de notificaci\u00f3n de conexi\u00f3n en caliente del puente, lo que detendr\u00e1 todos los eventos de conexi\u00f3n en todas las ranuras asociadas con el PE. 2) Cuando se extrae un dispositivo de una ranura, independientemente de si es una extracci\u00f3n sorpresiva o program\u00e1tica, el PHB/PE asociado queda congelado. Si esta congelaci\u00f3n no se elimina mediante un reinicio fundamental, skiboot no puede eliminar la congelaci\u00f3n y no puede volver a entrenar/escanear la ranura. Esto tambi\u00e9n requiere un reinicio para eliminar la congelaci\u00f3n y volver a detectar el dispositivo en la ranura. Emita los comandos de descongelaci\u00f3n y reescaneo adecuados en eventos de conexi\u00f3n en caliente, y no falle en la conexi\u00f3n en caliente si pci_bus_to_OF_node() devuelve NULL. [bhelgaas: comentarios ordenados]"}], "lastModified": "2026-01-07T16:38:49.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2B3BBCB-EDED-4190-B172-C1C7780E070F", "versionEndExcluding": "5.10.241", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD9E597F-3DDE-4D7E-976C-463D0611F13F", "versionEndExcluding": "5.15.190", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E5B1B93-C244-4B54-B3AB-12C2635A443B", "versionEndExcluding": "6.1.148", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD6EDB96-08AC-49D8-A1A9-4D2140C49BC7", "versionEndExcluding": "6.6.102", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA7AA5E6-4376-4A85-A021-6ACC5FF801C3", "versionEndExcluding": "6.12.42", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5890C690-B295-40C2-9121-FF5F987E5142", "versionEndExcluding": "6.15.10", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58182352-D7DF-4CC9-841E-03C1D852C3FB", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.16"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}