CVE-2025-38623 in Linux
Summary
by MITRE • 08/22/2025
In the Linux kernel, the following vulnerability has been resolved:
PCI: pnv_php: Fix surprise plug detection and recovery
The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices.
This comes down to two issues:
1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from the bridge hotplug notification logic will not be received by the kernel, stalling all plug events on all slots associated with the PE.
2) When a device is removed from a slot, regardless of surprise or programmatic removal, the associated PHB/PE ls left frozen. If this freeze is not cleared via a fundamental reset, skiboot is unable to clear the freeze and cannot retrain / rescan the slot. This also requires a reboot to clear the freeze and redetect the device in the slot.
Issue the appropriate unfreeze and rescan commands on hotplug events, and don't oops on hotplug if pci_bus_to_OF_node() returns NULL.
[bhelgaas: tidy comments]
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/28/2026
The vulnerability CVE-2025-38623 addresses a critical flaw in the Linux kernel's PowerNV PCI hotplug implementation that fundamentally undermines system reliability and device management capabilities. This issue specifically affects systems utilizing PowerNV platform hardware where PCI device hotplugging operations fail catastrophically when surprise removal events occur. The vulnerability stems from inadequate handling of hardware state transitions during device removal scenarios, creating a cascading failure that renders the entire hotplug subsystem non-functional until system reboot occurs. The flaw directly impacts the operational integrity of server environments where dynamic device management is essential for maintaining service availability and system flexibility.
The technical root cause involves two interconnected failure modes that compound to create complete system paralysis. The first issue manifests when a device undergoes surprise removal, causing the upstream bridge port to trigger a PHB (PCI Host Bridge) PE (Processing Element) freeze condition. This freeze state prevents MSI (Message Signaled Interrupts) from the bridge's hotplug notification logic from reaching the kernel, effectively halting all subsequent plug events across all slots associated with that particular PE. The second issue occurs regardless of whether removal is surprise or programmatic in nature, where the PHB/PE state remains frozen after device removal. Without proper unfreezing through fundamental reset operations, the skiboot firmware cannot clear these frozen states, preventing retraining and rescan operations necessary for device detection. This dual failure mechanism creates a persistent deadlock condition that requires complete system reboot to resolve.
The operational impact of this vulnerability extends beyond simple inconvenience to represent a serious reliability threat in enterprise server environments. Systems utilizing PowerNV platforms with dynamic PCI device management capabilities face complete hotplug failure after any surprise removal event, eliminating the possibility of graceful device reconfiguration. This vulnerability directly violates security and availability principles by creating a single point of failure in the device management infrastructure. Network administrators and system operators lose the ability to perform routine device maintenance, upgrades, or hot-swapping operations without risking complete system downtime. The requirement for reboot operations undermines service level agreements and operational efficiency, particularly in high-availability environments where unplanned outages are unacceptable.
The fix implemented addresses both identified failure modes through proper state management and error handling procedures. The solution involves issuing appropriate unfreeze and rescan commands during hotplug events to prevent the accumulation of frozen PHB/PE states that block subsequent operations. Additionally, the implementation includes robust error handling to prevent kernel oops conditions when pci_bus_to_OF_node() returns NULL, which would otherwise cause system crashes during normal hotplug operations. This remediation aligns with common security practices for embedded system reliability and follows established patterns for handling hardware state transitions in virtualized environments. The fix demonstrates proper adherence to system integrity principles by ensuring that error conditions do not cascade into complete system failures, thereby maintaining operational continuity and reducing attack surface through improved error handling mechanisms.
This vulnerability demonstrates characteristics consistent with CWE-399 - Resource Management Errors and CWE-476 - NULL Pointer Dereference, representing fundamental flaws in system resource handling and error condition management. From an ATT&CK framework perspective, this vulnerability could be leveraged to create persistent denial of service conditions that would require system-level intervention for resolution, potentially impacting system availability and operational continuity. The implementation of proper state management and error handling mechanisms addresses both the immediate technical failure and provides resilience against similar issues in related subsystems. The fix represents a defensive programming approach that prevents cascading failures and maintains system operational integrity during hardware management operations.