CVE-2025-40188

Root

Cause

In the Linux kernel's Berlin PWM driver, the suspend and resume callbacks reference the constant BERLIN_PWM_ENABLE instead of the correct BERLIN_PWM_EN. This is a plain coding error — the wrong register offset is used when saving and restoring the PWM enable state during system power transitions [1].

Exploitation

An attacker does not need to actively exploit this bug; it is triggered automatically whenever the system enters a suspend/resume cycle on hardware that uses the Berlin PWM controller. No special privileges or network access are required — the flaw resides in kernel driver code that executes during normal power management events.

Impact

Because the driver accesses an invalid memory address (the value at offset BERLIN_PWM_ENABLE is not a valid PWM register), the kernel triggers a CPU exception, which leads to a system panic [1]. This results in a denial of service: the machine crashes (or hangs) during suspend or resume, potentially losing unsaved data and forcing a hard reset.

Mitigation

Patches have been merged into the Linux kernel stable tree; referencing the proposed fix, commit fd017aabd427, corrects the register name [1][2][3][4]. Administrators should apply the latest kernel updates for their distribution to eliminate the panic.