PT-2025-27722 · Linux+6 · Linux Kernel+6
Published: 2025-04-07 · Updated: 2026-04-20 · CVE-2025-38136
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.14.0-rc7+
Description:
A vulnerability in the Linux kernel has been resolved, specifically in the renesas_usbhs module. The issue arises from the incorrect ordering of clock handling and power management in the probe function, leading to potential crashes due to uninitialized clocks. In the problematic call flow, usbhs_probe() accesses registers before the clocks are enabled, resulting in a synchronous external abort on the RZ/V2H SoC. The estimated number of potentially affected devices is not provided.

Recommendations:
For Linux kernel versions prior to 6.14.0-rc7+, update to a version that includes the fix for the renesas_usbhs module, which reorders the initialization sequence in usbhs_probe() to enable runtime PM before accessing registers.
As a temporary workaround, consider disabling the usbhs_probe() function until a patch is available.
Restrict access to the renesas_usbhs module to minimize the risk of exploitation.

Use of Uninitialized Resource
Improper Initialization
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu