VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 9, 2025· Updated Apr 15, 2026

CVE-2025-40108

CVE-2025-40108

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: qcom-geni: Fix blocked task

Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms") because the first one causes regression - hang task on Qualcomm RB1 board (QRB2210) and unable to use serial at all during normal boot:

INFO: task kworker/u16:0:12 blocked for more than 42 seconds. Not tainted 6.17.0-rc1-00004-g53e760d89498 #9 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack:0 pid:12 tgid:12 ppid:2 task_flags:0x4208060 flags:0x00000010 Workqueue: async async_run_entry_fn Call trace: __switch_to+0xe8/0x1a0 (T) __schedule+0x290/0x7c0 schedule+0x34/0x118 rpm_resume+0x14c/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c __pm_runtime_resume+0x50/0x9c __driver_probe_device+0x58/0x120 driver_probe_device+0x3c/0x154 __driver_attach_async_helper+0x4c/0xc0 async_run_entry_fn+0x34/0xe0 process_one_work+0x148/0x290 worker_thread+0x2c4/0x3e0 kthread+0x118/0x1c0 ret_from_fork+0x10/0x20

The issue was reported on 12th of August and was ignored by author of commits introducing issue for two weeks. Only after complaining author produced a fix which did not work, so if original commits cannot be reliably fixed for 5 weeks, they obviously are buggy and need to be dropped.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A regression in the Linux kernel's QCOM GENI serial driver causes a kernel task hang due to stale PM runtime changes, reverted in CVE-2025-40108.

Vulnerability

Analysis

The vulnerability is a regression introduced in the Linux kernel's serial driver for Qualcomm GENI-based platforms (UART). Two commits, 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms"), were reverted because they caused a kernel task hang [1][2]. The root cause was that the PM runtime changes created a deadlock scenario in the rpm_resume path, as seen in the call trace: rpm_resume is called repeatedly, blocking the kernel worker thread [2]. This manifests as a blocked task, specifically kworker/u16:0, which becomes stuck and prevents serial console use during normal boot [2].

Exploitation and

Impact

The bug is triggered during boot on systems like the Qualcomm RB1 board (QRB2210). No special attacker access is required—the hang occurs automatically during normal system startup, making the system unusable [2]. The impact is a denial-of-service (DoS) condition where the system cannot boot to a functional state, affecting serial communication entirely [2].

Mitigation

The fix is to revert the offending commits. The kernel stable tree included the revert commit 1e810d81769e [1] and the second revert a699213d4e6e [2]. Users are advised to apply these reverts if their kernel contains the buggy commits. No workaround exists other than reverting the changes [2].

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernelinferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <= 6.17.0-rc1

Patches

2
1e810d81769e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a699213d4e6e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.