AZL-74180

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74180.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74180

Upstream

CVE-2025-39724

Published

2025-09-05T18:15:50Z

Modified

2026-04-01T05:22:21.946223Z

Summary

CVE-2025-39724 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: fix panic due to PSLVERR

When the PSLVERRRESPEN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled.

In serial8250dostartup(), calling serialportout(port, UARTLCR, UARTLCRWLEN8) triggers dw8250checklcr(), which invokes dw8250forceidle() and serial8250clearandreinitfifos(). The latter function enables the FIFO via serialout(p, UARTFCR, p->fcr). Execution proceeds to the serialportin(port, UARTRX). This satisfies the PSLVERR trigger condition.

When another CPU (e.g., using printk()) is accessing the UART (UART is busy), the current CPU fails the check (value & ~UARTLCRSPAR) == (lcr & ~UARTLCRSPAR) in dw8250checklcr(), causing it to enter dw8250forceidle().

Put serialportout(port, UARTLCR, UARTLCR_WLEN8) under the port->lock to fix this issue.

Panic backtrace: [ 0.442336] Oops - unknown exception [#1] [ 0.442343] epc : dw8250serialin32+0x1e/0x4a [ 0.442351] ra : serial8250dostartup+0x2c8/0x88e ... [ 0.442416] consoleonrootfs+0x26/0x70

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39724

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74180.json"