CVE-2025-38516: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-38516 is a vulnerability in the Linux kernel's pinctrl-msm driver that was discovered and disclosed on August 16, 2025. The vulnerability affects the handling of UFS-reset pins in the TLMM (Top Level Mode Multiplexer) system, where certain pins without interrupt logic are incorrectly registered as GPIO in the kernel (NVD Database).

The vulnerability occurs when pins with intrdetectionwidth settings not equal to 1 or 2 are requested for interrupts, triggering a BUG() in the msmgpioirqsettype() function. This can be triggered from user-space using commands like gpiomon -c 0 113 on affected platforms. The issue specifically affects the pinctrl: qcom: msm component of the Linux kernel (Debian Tracker).

When exploited, this vulnerability can cause a kernel crash due to invalid requests from user-space, potentially leading to system instability and denial of service conditions (NVD Database).

The issue has been fixed in various Linux distributions with specific version updates. Debian has addressed this in bookworm (security) version 6.1.147-1 and trixie (security) version 6.12.41-1. The fix involves marking certain pins as invalid for the irq chip to prevent them from being registered as available irqs (Debian Tracker).