CVE-2025-39724
- Source
- https://cve.org/CVERecord?id=CVE-2025-39724
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39724.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39724
- Downstream
- Related
- Published
- 2025-09-05T17:21:32.005Z
- Modified
- 2026-03-20T12:43:01.026623Z
- Summary
- serial: 8250: fix panic due to PSLVERR
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: fix panic due to PSLVERR
When the PSLVERRRESPEN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled.
In serial8250dostartup(), calling serialportout(port, UARTLCR, UARTLCRWLEN8) triggers dw8250checklcr(), which invokes dw8250forceidle() and serial8250clearandreinitfifos(). The latter function enables the FIFO via serialout(p, UARTFCR, p->fcr). Execution proceeds to the serialportin(port, UARTRX). This satisfies the PSLVERR trigger condition.
When another CPU (e.g., using printk()) is accessing the UART (UART is busy), the current CPU fails the check (value & ~UARTLCRSPAR) == (lcr & ~UARTLCRSPAR) in dw8250checklcr(), causing it to enter dw8250forceidle().
Put serialportout(port, UARTLCR, UARTLCR_WLEN8) under the port->lock to fix this issue.
Panic backtrace: [ 0.442336] Oops - unknown exception [#1] [ 0.442343] epc : dw8250serialin32+0x1e/0x4a [ 0.442351] ra : serial8250dostartup+0x2c8/0x88e ... [ 0.442416] consoleonrootfs+0x26/0x70
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39724.json" }- References
-
- https://git.kernel.org/stable/c/0b882f00655afefbc7729c6b5aec86f7a5473a3d
- https://git.kernel.org/stable/c/38c0ea484dedb58cb3a4391229933e16be0d1031
- https://git.kernel.org/stable/c/68c4613e89f000e8198f9ace643082c697921c9f
- https://git.kernel.org/stable/c/7f8fdd4dbffc05982b96caf586f77a014b2a9353
- https://git.kernel.org/stable/c/8e2739478c164147d0774802008528d9e03fb802
- https://git.kernel.org/stable/c/b8ca8e3f75ede308b4d49a6ca5081460be01bdb5
- https://git.kernel.org/stable/c/c826943abf473a3f7260fbadfad65e44db475460
- https://git.kernel.org/stable/c/cb7b3633ed749db8e56f475f43c960652cbd6882
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39724.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39724
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc49436b657d0a56a6ad90d14a7c3041add7cf64dFixed0b882f00655afefbc7729c6b5aec86f7a5473a3dFixedb8ca8e3f75ede308b4d49a6ca5081460be01bdb5Fixed68c4613e89f000e8198f9ace643082c697921c9fFixedc826943abf473a3f7260fbadfad65e44db475460Fixedcb7b3633ed749db8e56f475f43c960652cbd6882Fixed8e2739478c164147d0774802008528d9e03fb802Fixed38c0ea484dedb58cb3a4391229933e16be0d1031Fixed7f8fdd4dbffc05982b96caf586f77a014b2a9353
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected6d5e79331417886196cb3a733bdb6645ba85bc42Last affected2401577586898b3590db80f8b97a26f81f0f6d4e