Linux Kernel Coresight Device Infinite Loop Vulnerability on QCS615

Vulnerability

A vulnerability in the Linux kernel's handling of Coresight devices on the QCS615 platform can lead to a system crash. When only a source device is active, the 'coresight_find_activated_sysfs_sink' function is called recursively to find an active sink device. This process can create an infinite loop, causing a stack overflow and crashing the system. The issue has been addressed by disabling the 'replicator1' device, which breaks the loop and prevents the stack overflow.

Impact

The vulnerability causes a stack overflow, leading to a system crash.

Reproduction

The vulnerability can be reproduced by enabling only a source Coresight device on the QCS615 platform. This will trigger the 'coresight_find_activated_sysfs_sink' function to recursively search for an active sink device, creating an infinite loop that causes a stack overflow and crashes the system.

Remediation

The vulnerability has been fixed in the Linux kernel by disabling the 'replicator1' device in the device tree for the QCS615 platform.
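
A simplified model of the failure and the fix, added here as an illustration and not taken from the kernel source. The topology (source0, funnel0, sink0 and their connections), the struct layout and the MAX_DEPTH guard that stands in for the finite kernel stack are assumptions; only the name replicator1 comes from the advisory.

```c
#include <stddef.h>

#define MAX_OUT   2
#define MAX_DEPTH 64   /* assumption: stand-in for the finite kernel stack */

enum result { NO_SINK = 0, SINK_FOUND = 1, STACK_EXHAUSTED = -1 };

struct csdev {
    const char *name;
    int present;        /* 0 models status = "disabled": device never registers */
    int active_sink;    /* 1 if this device is an activated sink */
    struct csdev *out[MAX_OUT];
};

/* Recursive search in the style the advisory describes: follow output
 * connections until an activated sink is found. There is no visited
 * tracking, so a cycle recurses until the depth budget runs out. */
static enum result find_active_sink(const struct csdev *d, int depth)
{
    if (depth > MAX_DEPTH)
        return STACK_EXHAUSTED;      /* the real kernel overflows its stack here */
    if (d->active_sink)
        return SINK_FOUND;
    for (size_t i = 0; i < MAX_OUT; i++) {
        const struct csdev *next = d->out[i];
        if (!next || !next->present) /* disabled nodes are never traversed */
            continue;
        enum result r = find_active_sink(next, depth + 1);
        if (r != NO_SINK)
            return r;
    }
    return NO_SINK;
}

/* Constructed topology (hypothetical, not the real QCS615 graph):
 * source0 -> funnel0 -> replicator1 -> sink0
 *                 ^----------'  (back edge forms the cycle) */
enum result search_from_source(int replicator1_present, int sink_active)
{
    struct csdev sink0 = { "sink0", 1, sink_active, { NULL, NULL } };
    struct csdev funnel0 = { "funnel0", 1, 0, { NULL, NULL } };
    struct csdev replicator1 = { "replicator1", replicator1_present, 0,
                                 { &sink0, &funnel0 } };
    struct csdev source0 = { "source0", 1, 0, { &funnel0, NULL } };
    funnel0.out[0] = &replicator1;
    return find_active_sink(&source0, 0);
}
```

With replicator1 present and no sink activated the search never terminates on its own; with replicator1 absent the same search returns cleanly with no sink found.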

Added: Aug 22, 2025, 4:54 PM
Updated: Aug 22, 2025, 4:54 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 8.3
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.