CVE-2025-38010

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking<br /> <br /> The current implementation uses bias_pad_enable as a reference count to<br /> manage the shared bias pad for all UTMI PHYs. However, during system<br /> suspension with connected USB devices, multiple power-down requests for<br /> the UTMI pad result in a mismatch in the reference count, which in turn<br /> produces warnings such as:<br /> <br /> [ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170<br /> [ 237.763103] Call trace:<br /> [ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170<br /> [ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30<br /> [ 237.763110] phy_power_off+0x48/0x100<br /> [ 237.763113] tegra_xusb_enter_elpg+0x204/0x500<br /> [ 237.763119] tegra_xusb_suspend+0x48/0x140<br /> [ 237.763122] platform_pm_suspend+0x2c/0xb0<br /> [ 237.763125] dpm_run_callback.isra.0+0x20/0xa0<br /> [ 237.763127] __device_suspend+0x118/0x330<br /> [ 237.763129] dpm_suspend+0x10c/0x1f0<br /> [ 237.763130] dpm_suspend_start+0x88/0xb0<br /> [ 237.763132] suspend_devices_and_enter+0x120/0x500<br /> [ 237.763135] pm_suspend+0x1ec/0x270<br /> <br /> The root cause was traced back to the dynamic power-down changes<br /> introduced in commit a30951d31b25 ("xhci: tegra: USB2 pad power controls"),<br /> where the UTMI pad was being powered down without verifying its current<br /> state. This unbalanced behavior led to discrepancies in the reference<br /> count.<br /> <br /> To rectify this issue, this patch replaces the single reference counter<br /> with a bitmask, renamed to utmi_pad_enabled. Each bit in the mask<br /> corresponds to one of the four USB2 PHYs, allowing us to track each pad&amp;#39;s<br /> enablement status individually.<br /> <br /> With this change:<br /> - The bias pad is powered on only when the mask is clear.<br /> - Each UTMI pad is powered on or down based on its corresponding bit<br /> in the mask, preventing redundant operations.<br /> - The overall power state of the shared bias pad is maintained<br /> correctly during suspend/resume cycles.<br /> <br /> The mutex used to prevent race conditions during UTMI pad enable/disable<br /> operations has been moved from the tegra186_utmi_bias_pad_power_on/off<br /> functions to the parent functions tegra186_utmi_pad_power_on/down. This<br /> change ensures that there are no race conditions when updating the bitmask.