CVE-2025-38649
📋 TL;DR
A Linux kernel vulnerability in Coresight debugging infrastructure on Qualcomm QCS615 systems creates an infinite loop when only source devices are enabled, leading to stack overflow and system crash. This affects Linux systems running on Qualcomm QCS615 hardware with Coresight enabled. The vulnerability can cause denial of service through system crashes.
💻 Affected Systems
- Linux kernel on Qualcomm QCS615 hardware
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System crash leading to denial of service, potentially requiring physical reboot if kernel panic occurs.
Likely Case
System instability or crash when Coresight debugging features are enabled and used.
If Mitigated
No impact if Coresight is disabled or systems are patched.
🎯 Exploit Status
Requires ability to interact with Coresight sysfs interface or kernel debugging features.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits a9aaadcb0a6c, bd4f35786d5f, or fbe5be7893b8
Vendor Advisory: https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For embedded systems, update the kernel image from your vendor.
3. No reboot required for kernel module updates, but kernel update requires reboot.
🔧 Temporary Workarounds
Disable Coresight debugging
Linux: Disable Coresight debugging infrastructure to prevent the infinite loop condition
echo 0 > /sys/bus/coresight/devices/coresight-replicator1/enable_sink
echo 0 > /sys/bus/coresight/devices/coresight-replicator1/enable_source
🧯 If You Can't Patch
- Disable Coresight debugging features through kernel command line or configuration
- Restrict access to Coresight sysfs interface to prevent triggering the condition
🔍 How to Verify
Check if Vulnerable:
Check if system uses Qualcomm QCS615 hardware and has Coresight enabled: 'ls /sys/bus/coresight/devices/'
Check Version:
uname -r
Verify Fix Applied:
Check that the running kernel contains the fix commits: run 'uname -r' and verify the result against patched versions
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning coresight_find_activated_sysfs_sink
- Stack overflow errors in kernel logs
- System crash/reboot events
Network Indicators:
- None - local vulnerability only
SIEM Query:
event_source="kernel" AND (message CONTAINS "coresight_find_activated_sysfs_sink" OR (message CONTAINS "stack overflow" AND message CONTAINS "coresight"))
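The log indicators above, applied to a window of kernel log lines rather than to single messages, as an added example that is not part of the original advisory. The function and constant names, the recursion threshold and the sample log lines are all constructed for illustration.

```python
import re

SINK_FN = "coresight_find_activated_sysfs_sink"  # function named in the log indicators
RECURSION_THRESHOLD = 3  # assumption: this many frames in one trace means runaway recursion

FRAME_RE = re.compile(r"\b" + re.escape(SINK_FN) + r"\+0x[0-9a-f]+/0x[0-9a-f]+")
OVERFLOW_RE = re.compile(r"stack overflow", re.IGNORECASE)


def triage(lines):
    """Correlate one window of kernel log lines against the advisory's indicators."""
    frames = 0
    overflow = False
    coresight = False
    for line in lines:
        frames += len(FRAME_RE.findall(line))
        overflow = overflow or bool(OVERFLOW_RE.search(line))
        coresight = coresight or "coresight" in line.lower()
    # Same grouping as the SIEM query: function name OR (stack overflow AND coresight).
    matched = frames > 0 or (overflow and coresight)
    if frames >= RECURSION_THRESHOLD and overflow:
        verdict = "likely"   # repeated sink-search frames plus an overflow report
    elif matched:
        verdict = "review"   # an indicator is present but the pattern is incomplete
    else:
        verdict = "clear"    # e.g. a stack overflow with no Coresight involvement
    return {"frames": frames, "overflow": overflow, "verdict": verdict}


# Constructed sample log windows (not captured from a real system).
SAMPLE_CRASH = [
    "[  112.431201] Insufficient stack space to handle exception!",
    "[  112.431240] Kernel panic - not syncing: kernel stack overflow",
    "[  112.431266] Call trace:",
    "[  112.431270]  coresight_find_activated_sysfs_sink+0x4c/0xa0",
    "[  112.431274]  coresight_find_activated_sysfs_sink+0x78/0xa0",
    "[  112.431278]  coresight_find_activated_sysfs_sink+0x78/0xa0",
    "[  112.431282]  coresight_find_activated_sysfs_sink+0x78/0xa0",
]
SAMPLE_UNRELATED = [
    "[   90.100000] Kernel panic - not syncing: kernel stack overflow",
    "[   90.100050]  ext4_writepages+0x1a0/0x9c0",
]
SAMPLE_PARTIAL = ["[   45.000100]  coresight_find_activated_sysfs_sink+0x4c/0xa0"]

if __name__ == "__main__":
    for name, window in [("crash", SAMPLE_CRASH), ("unrelated", SAMPLE_UNRELATED),
                         ("partial", SAMPLE_PARTIAL)]:
        print(name, triage(window))
```

Feed it the lines surrounding each crash or reboot event; a "review" verdict means an indicator matched without the repeated-frame pattern and needs a manual look at the full trace.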