PT-2025-51649 · Linux+5 · Linux Kernel+5

Published 2025-10-23 · Updated 2026-05-26 · CVE-2025-68236

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel’s UFS (Universal Flash Storage) subsystem, specifically within the ufs-qcom component, related to power-down sequences. During UFS device power down, asserting a hardware reset (HWRST) can trigger the device firmware to wake up and initialize hardware blocks, potentially drawing a large current (ICCQ). This current surge may exceed the regulator’s limits, leading to an overcurrent protection (OCP) fault, particularly when the regulator framework initiates a low-power mode (LPM) request concurrently. The issue arises because the host has no way to determine when the reset operation is complete, necessitating a fixed delay after asserting HWRST to allow the reset to finish while power rails remain active.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Weakness Enumeration

Related Identifiers

BDU:2026-01350
CVE-2025-68236
ECHO-83DD-9F16-5BB6
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8152-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ufs
Ubuntu
Ufs-Qcom