CVE-2025-40352

In the Linux kernel, the following vulnerability has been resolved:

platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init

The lock-related debug logic (CONFIG_LOCK_STAT) in the kernel is noting
the following warning when the BlueField-3 SOC is booted:

  BUG: key ffff00008a3402a8 has not been registered!
  ------------[ cut here ]------------
  DEBUG_LOCKS_WARN_ON(1)
  WARNING: CPU: 4 PID: 592 at kernel/locking/lockdep.c:4801 lockdep_init_map_type+0x1d4/0x2a0
<snip>
  Call trace:
   lockdep_init_map_type+0x1d4/0x2a0
   __kernfs_create_file+0x84/0x140
   sysfs_add_file_mode_ns+0xcc/0x1cc
   internal_create_group+0x110/0x3d4
   internal_create_groups.part.0+0x54/0xcc
   sysfs_create_groups+0x24/0x40
   device_add+0x6e8/0x93c
   device_register+0x28/0x40
   __hwmon_device_register+0x4b0/0x8a0
   devm_hwmon_device_register_with_groups+0x7c/0xe0
   mlxbf_pmc_probe+0x1e8/0x3e0 [mlxbf_pmc]
   platform_probe+0x70/0x110

The mlxbf_pmc driver must call sysfs_attr_init() during the
initialization of the "count_clock" data structure to avoid
this warning.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
trixie
6.12.57-1
not-affected
bookworm
6.1.148-1
not-affected
bullseye (security)
5.10.247-1
fixed
bookworm (security)
6.1.158-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/46be1f5aae82b4136f676528ff091629697c7719
https://git.kernel.org/stable/c/a7b4747d8e0e7871c3d4971cded1dcc9af6af9e9