VYPR
Medium severity 5.5 · NVD Advisory · Published Sep 11, 2025 · Updated May 12, 2026

CVE-2025-39752

Description

In the Linux kernel, the following vulnerability has been resolved:

ARM: rockchip: fix kernel hang during smp initialization

In order to bring up secondary CPUs, the main CPU writes trampoline code to SRAM. The trampoline code is written while secondary CPUs are powered on (at least that is true for the RK3188 CPU). Sometimes that leads to a kernel hang, probably because a secondary CPU executes the trampoline code when the kernel doesn't expect it.

The patch moves SRAM initialization step to the point where all secondary CPUs are powered down.

That fixes rare hangs on RK3188:

[ 0.091568] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.091996] rockchip_smp_prepare_cpus: ncores 4

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Race condition in Rockchip SMP initialization on ARM can cause kernel hang when secondary CPUs execute trampoline code prematurely.

Vulnerability

In the Linux kernel, a race condition exists during SMP initialization on ARM Rockchip platforms. The main CPU writes trampoline code to SRAM while secondary CPUs may still be powered on, leading to a kernel hang [description]. This occurs because secondary CPUs can execute the trampoline code before the kernel expects it, particularly on RK3188.

Exploitation

This vulnerability is not directly exploitable by an attacker; it is a race condition that occurs during boot on multi-core Rockchip systems. No special privileges are required, but the condition is triggered during normal SMP bring-up, potentially causing a denial of service.

Impact

The vulnerability results in a kernel hang, causing denial of service (CVSS 5.5, Medium). It can prevent the system from booting successfully, affecting availability.

Mitigation

The fix [2][3][4] moves SRAM initialization to a point where all secondary CPUs are powered down, preventing premature code execution. Patches are available in stable kernel updates. The Siemens advisory [1] lists affected products like SIMATIC CN 4100; users should update to fixed versions.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
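
The console trace quoted in the description can serve as a triage signature for serial-console captures from RK3188 boards. The following is an added example, not code from the kernel patch or from this advisory; it assumes a hang shows up as a boot whose last kernel line is the `rockchip_smp_prepare_cpus: ncores N` message, and the function names and sample capture are constructed.

```python
import re

# Kernel console line, e.g. "[    0.091996] message" (padding width may vary).
LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")
# Last message in the hang trace quoted in the CVE description.
MARKER_RE = re.compile(r"^rockchip_smp_prepare_cpus: ncores (\d+)$")


def split_boots(console_text):
    """Split a capture into boots; a timestamp that goes backwards starts a new boot."""
    boots, current, last_ts = [], [], None
    for raw in console_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # bootloader output, blank lines
        ts = float(m.group(1))
        if last_ts is not None and ts < last_ts:
            boots.append(current)
            current = []
        current.append((ts, m.group(2)))
        last_ts = ts
    if current:
        boots.append(current)
    return boots


def stalled_boots(console_text):
    """Return (boot_index, timestamp, ncores) for boots that end at the marker line."""
    hits = []
    for idx, boot in enumerate(split_boots(console_text)):
        ts, msg = boot[-1]
        m = MARKER_RE.match(msg)
        if m:
            hits.append((idx, ts, int(m.group(1))))
    return hits


# Constructed capture: boot 0 stops at the marker, the board is reset, boot 1 continues.
# The line after the marker in boot 1 is a placeholder, not real kernel output.
SAMPLE = """\
[    0.091568] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[    0.091996] rockchip_smp_prepare_cpus: ncores 4
[    0.091568] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[    0.091996] rockchip_smp_prepare_cpus: ncores 4
[    0.100000] <constructed placeholder: boot continues>
"""

if __name__ == "__main__":
    for idx, ts, ncores in stalled_boots(SAMPLE):
        print(f"boot {idx}: console stops at {ts:.6f}s after SMP prepare (ncores={ncores})")
```

A capture that was simply cut off right after the marker line matches as well, so treat a hit as a candidate and confirm it against the reset or power-cycle record for that board.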
