CVE-2025-38623

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 22/08/2025
Last modified: 07/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: pnv_php: Fix surprise plug detection and recovery

The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices.

This comes down to two issues:

1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from the bridge hotplug notification logic will not be received by the kernel, stalling all plug events on all slots associated with the PE.

2) When a device is removed from a slot, regardless of surprise or programmatic removal, the associated PHB/PE is left frozen. If this freeze is not cleared via a fundamental reset, skiboot is unable to clear the freeze and cannot retrain / rescan the slot. This also requires a reboot to clear the freeze and redetect the device in the slot.

Issue the appropriate unfreeze and rescan commands on hotplug events, and don't oops on hotplug if pci_bus_to_OF_node() returns NULL.

[bhelgaas: tidy comments]

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.9 (including) 5.10.241 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.190 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.148 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.102 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.42 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.15.10 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.16 (including) 6.16.1 (excluding)
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*