ghsa-5r3f-3vjw-2jp6
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init
The lock-related debug logic (CONFIG_LOCK_STAT) in the kernel is noting the following warning when the BlueField-3 SOC is booted:
BUG: key ffff00008a3402a8 has not been registered! ------------[ cut here ]------------ DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 4 PID: 592 at kernel/locking/lockdep.c:4801 lockdep_init_map_type+0x1d4/0x2a0 Call trace: lockdep_init_map_type+0x1d4/0x2a0 __kernfs_create_file+0x84/0x140 sysfs_add_file_mode_ns+0xcc/0x1cc internal_create_group+0x110/0x3d4 internal_create_groups.part.0+0x54/0xcc sysfs_create_groups+0x24/0x40 device_add+0x6e8/0x93c device_register+0x28/0x40 __hwmon_device_register+0x4b0/0x8a0 devm_hwmon_device_register_with_groups+0x7c/0xe0 mlxbf_pmc_probe+0x1e8/0x3e0 [mlxbf_pmc] platform_probe+0x70/0x110
The mlxbf_pmc driver must call sysfs_attr_init() during the initialization of the "count_clock" data structure to avoid this warning.
{
"affected": [],
"aliases": [
"CVE-2025-40352"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-16T14:15:47Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init\n\nThe lock-related debug logic (CONFIG_LOCK_STAT) in the kernel is noting\nthe following warning when the BlueField-3 SOC is booted:\n\n BUG: key ffff00008a3402a8 has not been registered!\n ------------[ cut here ]------------\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 4 PID: 592 at kernel/locking/lockdep.c:4801 lockdep_init_map_type+0x1d4/0x2a0\n\u003csnip\u003e\n Call trace:\n lockdep_init_map_type+0x1d4/0x2a0\n __kernfs_create_file+0x84/0x140\n sysfs_add_file_mode_ns+0xcc/0x1cc\n internal_create_group+0x110/0x3d4\n internal_create_groups.part.0+0x54/0xcc\n sysfs_create_groups+0x24/0x40\n device_add+0x6e8/0x93c\n device_register+0x28/0x40\n __hwmon_device_register+0x4b0/0x8a0\n devm_hwmon_device_register_with_groups+0x7c/0xe0\n mlxbf_pmc_probe+0x1e8/0x3e0 [mlxbf_pmc]\n platform_probe+0x70/0x110\n\nThe mlxbf_pmc driver must call sysfs_attr_init() during the\ninitialization of the \"count_clock\" data structure to avoid\nthis warning.",
"id": "GHSA-5r3f-3vjw-2jp6",
"modified": "2025-12-16T15:30:43Z",
"published": "2025-12-16T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40352"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46be1f5aae82b4136f676528ff091629697c7719"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7b4747d8e0e7871c3d4971cded1dcc9af6af9e9"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.