{"id":"AZL-66629","summary":"CVE-2025-38623 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Fix surprise plug detection and recovery\n\nThe existing PowerNV hotplug code did not handle surprise plug events\ncorrectly, leading to a complete failure of the hotplug system after device\nremoval and a required reboot to detect new devices.\n\nThis comes down to two issues:\n\n 1) When a device is surprise removed, often the bridge upstream\n    port will cause a PE freeze on the PHB.  If this freeze is not\n    cleared, the MSI interrupts from the bridge hotplug notification\n    logic will not be received by the kernel, stalling all plug events\n    on all slots associated with the PE.\n\n 2) When a device is removed from a slot, regardless of surprise or\n    programmatic removal, the associated PHB/PE is left frozen.\n    If this freeze is not cleared via a fundamental reset, skiboot\n    is unable to clear the freeze and cannot retrain / rescan the\n    slot.  This also requires a reboot to clear the freeze and redetect\n    the device in the slot.\n\nIssue the appropriate unfreeze and rescan commands on hotplug events,\nand don't oops on hotplug if pci_bus_to_OF_node() returns NULL.\n\n[bhelgaas: tidy comments]","modified":"2026-04-01T05:21:01.200024Z","published":"2025-08-22T16:15:35Z","upstream":["CVE-2025-38623"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38623"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66629.json"}}],"schema_version":"1.7.5"}