Unrated severity · NVD Advisory · Published Dec 16, 2025 · Updated Apr 15, 2026

CVE-2025-68204

Description

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: arm: scmi: Fix genpd leak on provider registration failure

If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak and potential kernel crash later in genpd_debug_add().

Add proper error handling to unwind the initialized domains before returning from probe to ensure all resources are correctly released on failure.

Example crash trace observed without this fix:

| Unable to handle kernel paging request at virtual address fffffffffffffc70
| CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.18.0-rc1 #405 PREEMPT
| Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform
| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : genpd_debug_add+0x2c/0x160
| lr : genpd_debug_init+0x74/0x98
| Call trace:
|  genpd_debug_add+0x2c/0x160 (P)
|  genpd_debug_init+0x74/0x98
|  do_one_initcall+0xd0/0x2d8
|  do_initcall_level+0xa0/0x140
|  do_initcalls+0x60/0xa8
|  do_basic_setup+0x28/0x40
|  kernel_init_freeable+0xe8/0x170
|  kernel_init+0x2c/0x140
|  ret_from_fork+0x10/0x20
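
The unwind-on-failure pattern the description calls for, shown as an added user-space C model (not the kernel patch and not code from this page). `struct domain`, `registry` and `model_probe()` are hypothetical stand-ins for a genpd, the kernel's list of registered genpds and the driver's probe function.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct domain { struct domain *next; int id; };  /* stands in for a genpd */
static struct domain *registry;        /* stands in for the global genpd list */

static void domain_register(struct domain *d) { d->next = registry; registry = d; }

static void domain_unregister(struct domain *d)
{
    for (struct domain **p = &registry; *p; p = &(*p)->next)
        if (*p == d) { *p = d->next; return; }
}

static int registry_count(void)
{
    int n = 0;
    for (struct domain *d = registry; d; d = d->next) n++;
    return n;
}

/* Hypothetical probe: register n domains, then register the provider.
 * provider_ok == 0 models of_genpd_add_provider_onecell() failing.
 * unwind == 0 is the missing cleanup, unwind == 1 the corrected error path.
 * Returns 0 on success, -1 on failure. */
static int model_probe(int n, int provider_ok, int unwind)
{
    struct domain *doms = calloc(n, sizeof(*doms));
    int i;
    if (!doms) return -1;
    for (i = 0; i < n; i++) { doms[i].id = i; domain_register(&doms[i]); }
    if (provider_ok) return 0;         /* domains stay registered and owned */
    if (unwind) {
        while (--i >= 0) domain_unregister(&doms[i]);  /* reverse order */
        free(doms);
    }
    /* Without unwind the entries stay on the list after probe has failed.
     * The model keeps the memory allocated so they can be counted safely. */
    return -1;
}

int main(void)
{
    model_probe(3, 0, 0);
    printf("stale entries without unwind: %d\n", registry_count());
    registry = NULL;
    model_probe(3, 0, 1);
    printf("stale entries with unwind: %d\n", registry_count());
    return 0;
}
```

Any later walk over the list, which is what genpd_debug_init() does in the trace above, visits whatever entries a failed probe left behind.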

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's SCMI pmdomain driver, a failure during provider registration leaves the already created power domains unremoved, causing a memory leak and a potential crash.

Vulnerability Overview

In the Linux kernel's SCMI power domain (pmdomain) driver for ARM platforms, a resource management flaw exists during probe. When of_genpd_add_provider_onecell() fails, the generic power domains (genpds) that were previously created and registered are not cleaned up, leading to a memory leak. This bug was introduced because the error path does not unwind the initialized domains before returning from probe.

Attack Vector

The vulnerability is triggered during driver probe on ARM systems such as the Juno Development Platform. An attacker with the ability to influence firmware responses or trigger probe failures (e.g., via malicious device tree or error injection) could cause the probe to fail mid-way. No authentication is required, as the bug occurs at boot time during kernel initialization.

Impact

The missing cleanup leads to dangling pointers to freed or never-freed memory. When the kernel later calls genpd_debug_add() during debugfs initialization, it attempts to access invalid memory, resulting in a kernel panic (oops) as seen in the crash trace. This effectively causes a denial of service on the system.

Mitigation

The fix adds proper error handling to release all previously created genpds upon failure in the probe function, ensuring all resources are correctly freed. The patch has been backported to multiple stable kernel branches [1][2][3]. Users should update to the latest kernel or apply the respective stable commits.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel (inferred, 2 versions)
