Linux Kernel ARM DTS Fixed Clock Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's Device Tree Specification (DTS) for ARM architecture has been addressed. The issue arose in the Qualcomm (qcom) DTS, where the GCC PXO phandle was incorrectly referenced. Instead of pointing to a fixed clock, it pointed to a source that could cause a kernel panic if any driver attempted to use it. This happened because the GCC driver does not offer PXO_SRC as a source, given that it is a fixed clock.

Impact

The vulnerability could cause a kernel panic, disrupting system operations and potentially leading to a denial of service.

Added: Jun 18, 2025, 2:07 PM
Updated: Jun 18, 2025, 2:07 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.