CVE-2025-68318

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68318

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68318.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-68318

Aliases

Downstream

BELL-CVE-2025-68318

DEBIAN-CVE-2025-68318

ECHO-4ef9-d9c2-fad1

ROOT-OS-DEBIAN-13-CVE-2025-68318

ROOT-OS-UBUNTU-2404-CVE-2025-68318

UBUNTU-CVE-2025-68318

USN-8029-1

USN-8030-1

Published

2025-12-16T15:39:47.965Z

Modified

2026-02-10T04:26:33.683426Z

Summary

clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL

Details

In the Linux kernel, the following vulnerability has been resolved:

clk: thead: th1520-ap: set all AXI clocks to CLKISCRITICAL

The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang.

Set all AXI clock gates to CLKISCRITICAL. All these clock gates are ungated by default on system reset.

In addition, convert all current CLKIGNOREUNUSED usage to CLKISCRITICAL to prevent unwanted clock gating.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68318.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ae81b69fd2b1eb4885b352749b1fd1172e2f0f18

Fixed

bdec5e01fc2f3114d1fb1daeb1000911d783c4ae

Fixed

c567bc5fc68c4388c00e11fc65fd14fe86b52070

Affected versions

v6.*

v6.10

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.17

v6.17-rc1

v6.17-rc2

v6.17-rc3

v6.17-rc4

v6.17-rc5

v6.17-rc6

v6.17-rc7

v6.17.1

v6.17.2

v6.17.3

v6.17.4

v6.17.5

v6.17.6

v6.17.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68318.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.17.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68318.json"