CVE-2025-71193

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.7+ #116

Description The Linux kernel contains a flaw related to power management in the Qualcomm USB2 PHY driver (qcom-qusb2). Enabling runtime power management before the QPHY instance is attached as driver data can lead to a NULL pointer dereference within runtime power management callbacks. This can result in a sporadic crash during the boot process. The issue occurs due to a small window where the suspend callback may execute after runtime PM is enabled but before it is forbidden. The function qusb2 phy runtime suspend is involved in this issue.

Recommendations Versions prior to 6.16.7+ #116 should be updated to a newer version that includes the fix. Attach the QPHY instance as driver data before enabling runtime PM. Reorder the calls to pm runtime enable() and pm runtime forbid() to prevent unnecessary runtime suspend. Utilize the devres-managed version to ensure PM runtime is symmetrically disabled during driver removal.