Acknowledged
Created: Aug 24, 2025
Updated: Aug 26, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]PCI: pnv_php: Fix surprise plug detection and recovery[EOL][EOL]The existing PowerNV hotplug code did not handle surprise plug events[EOL]correctly, leading to a complete failure of the hotplug system after device[EOL]removal and a required reboot to detect new devices.[EOL][EOL]This comes down to two issues:[EOL][EOL] 1) When a device is surprise removed, often the bridge upstream[EOL] port will cause a PE freeze on the PHB. If this freeze is not[EOL] cleared, the MSI interrupts from the bridge hotplug notification[EOL] logic will not be received by the kernel, stalling all plug events[EOL] on all slots associated with the PE.[EOL][EOL] 2) When a device is removed from a slot, regardless of surprise or[EOL] programmatic removal, the associated PHB/PE ls left frozen.[EOL] If this freeze is not cleared via a fundamental reset, skiboot[EOL] is unable to clear the freeze and cannot retrain / rescan the[EOL] slot. This also requires a reboot to clear the freeze and redetect[EOL] the device in the slot.[EOL][EOL]Issue the appropriate unfreeze and rescan commands on hotplug events,[EOL]and don't oops on hotplug if pci_bus_to_OF_node() returns NULL.[EOL][EOL][bhelgaas: tidy comments]
CREATE(Triage):(User=pbi-cn) [CVE-2025-38623 (https://nvd.nist.gov/vuln/detail/CVE-2025-38623)
