{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:05:23.033","vulnerabilities":[{"cve":{"id":"CVE-2025-38010","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-06-18T10:15:32.283","lastModified":"2025-11-17T12:56:38.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nphy: tegra: xusb: Use a bitmask for UTMI pad power state tracking\n\nThe current implementation uses bias_pad_enable as a reference count to\nmanage the shared bias pad for all UTMI PHYs. However, during system\nsuspension with connected USB devices, multiple power-down requests for\nthe UTMI pad result in a mismatch in the reference count, which in turn\nproduces warnings such as:\n\n[  237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170\n[  237.763103] Call trace:\n[  237.763104]  tegra186_utmi_pad_power_down+0x160/0x170\n[  237.763107]  tegra186_utmi_phy_power_off+0x10/0x30\n[  237.763110]  phy_power_off+0x48/0x100\n[  237.763113]  tegra_xusb_enter_elpg+0x204/0x500\n[  237.763119]  tegra_xusb_suspend+0x48/0x140\n[  237.763122]  platform_pm_suspend+0x2c/0xb0\n[  237.763125]  dpm_run_callback.isra.0+0x20/0xa0\n[  237.763127]  __device_suspend+0x118/0x330\n[  237.763129]  dpm_suspend+0x10c/0x1f0\n[  237.763130]  dpm_suspend_start+0x88/0xb0\n[  237.763132]  suspend_devices_and_enter+0x120/0x500\n[  237.763135]  pm_suspend+0x1ec/0x270\n\nThe root cause was traced back to the dynamic power-down changes\nintroduced in commit a30951d31b25 (\"xhci: tegra: USB2 pad power controls\"),\nwhere the UTMI pad was being powered down without verifying its current\nstate. This unbalanced behavior led to discrepancies in the reference\ncount.\n\nTo rectify this issue, this patch replaces the single reference counter\nwith a bitmask, renamed to utmi_pad_enabled. Each bit in the mask\ncorresponds to one of the four USB2 PHYs, allowing us to track each pad's\nenablement status individually.\n\nWith this change:\n  - The bias pad is powered on only when the mask is clear.\n  - Each UTMI pad is powered on or down based on its corresponding bit\n    in the mask, preventing redundant operations.\n  - The overall power state of the shared bias pad is maintained\n    correctly during suspend/resume cycles.\n\nThe mutex used to prevent race conditions during UTMI pad enable/disable\noperations has been moved from the tegra186_utmi_bias_pad_power_on/off\nfunctions to the parent functions tegra186_utmi_pad_power_on/down. This\nchange ensures that there are no race conditions when updating the bitmask."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: tegra: xusb: utilizar una máscara de bits para el seguimiento del estado de energía del panel UTMI. La implementación actual utiliza bias_pad_enable como un recuento de referencia para administrar el panel de polarización compartido para todos los PHY UTMI. Sin embargo, durante la suspensión del sistema con dispositivos USB conectados, varias solicitudes de apagado del panel UTMI resultan en una discrepancia en el recuento de referencia, lo que a su vez produce advertencias como: [ 237.762967] ADVERTENCIA: CPU: 10 PID: 1618 en tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763103] Rastreo de llamadas: [ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30 [ 237.763110] phy_power_off+0x48/0x100 [ 237.763113] tegra_xusb_enter_elpg+0x204/0x500 [ 237.763119] tegra_xusb_suspend+0x48/0x140 [ 237.763122] platform_pm_suspend+0x2c/0xb0 [ 237.763125] dpm_run_callback.isra.0+0x20/0xa0 [ 237.763127] __device_suspend+0x118/0x330 [ 237.763129] dpm_suspend+0x10c/0x1f0 [ 237.763130] dpm_suspend_start+0x88/0xb0 [ 237.763132] suspend_devices_and_enter+0x120/0x500 [ 237.763135] pm_suspend+0x1ec/0x270 La causa raíz se remonta a los cambios de apagado dinámico introducidos en el commit a30951d31b25 (\"xhci: tegra: USB2 pad power controls\"), donde el pad UTMI se apagaba sin verificar su estado actual. Este comportamiento desequilibrado provocó discrepancias en el recuento de referencias. Para rectificar este problema, este parche reemplaza el contador de referencia único con una máscara de bits, renombrada como utmi_pad_enabled. Cada bit en la máscara corresponde a uno de los cuatro PHY USB2, lo que nos permite rastrear el estado de habilitación de cada pad individualmente. Con este cambio: - El pad de polarización se enciende solo cuando la máscara está despejada. - Cada pad UTMI se enciende o apaga según su bit correspondiente en la máscara, lo que evita operaciones redundantes. El estado general de energía del pad de polarización compartido se mantiene correctamente durante los ciclos de suspensión/reinicio. El mutex utilizado para evitar condiciones de ejecución durante las operaciones de activación/desactivación del pad UTMI se ha trasladado de las funciones tegra186_utmi_bias_pad_power_on/off a las funciones principales tegra186_utmi_pad_power_on/down. Este cambio garantiza que no se produzcan condiciones de ejecución al actualizar la máscara de bits."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.92","matchCriteriaId":"08A59284-A681-4E4B-B672-B36A8BD6A9EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.30","matchCriteriaId":"8F43EF2E-9448-4BCA-99D9-DAEAEB7523C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14.8","matchCriteriaId":"D4458049-AD51-4F1B-BAB9-C32B53A54DE1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*","matchCriteriaId":"4C9D071F-B28E-46EC-AC61-22B913390211"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*","matchCriteriaId":"13FC0DDE-E513-465E-9E81-515702D49B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*","matchCriteriaId":"8C7B5B0E-4EEB-48F5-B4CF-0935A7633845"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*","matchCriteriaId":"2D240580-3048-49B2-9E27-F115A9DF8224"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*","matchCriteriaId":"90320558-E553-4EF5-8A0B-0F5D20113BD2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1db527f0cb8f677adadd4e28e5bc77aaf5d4e4c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/628bec9ed68a2204184fc8230a2609075b08666e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b47158fb42959c417ff2662075c0d46fb783d5d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba25131b3c1ceec303839b2462586d7673788197","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}