Wiz
Vulnerability DatabaseCVE-2025-39752

CVE-2025-39752
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2025-39752 is a vulnerability discovered in the Linux kernel affecting the ARM Rockchip SMP initialization process. The vulnerability was disclosed on September 11, 2025, and involves issues with trampoline code execution during secondary CPU initialization (NVD Database).

Technical details

The vulnerability occurs during the SMP (Symmetric Multi-Processing) initialization process on Rockchip ARM processors. When bringing up secondary CPUs, the main CPU writes trampoline code to SRAM while secondary CPUs are powered on. This can lead to kernel hangs, particularly on RK3188 CPUs, as secondary CPUs may execute the trampoline code at unexpected times (NVD Database).

Impact

The vulnerability can cause system instability and kernel hangs during the boot process, particularly affecting systems using RK3188 processors. This can result in system unavailability and potential disruption of services (NVD Database).

Mitigation and workarounds

A patch has been developed that moves the SRAM initialization step to a point where all secondary CPUs are powered down, preventing the unexpected execution of trampoline code. This fix has been specifically verified to resolve the hanging issues on RK3188 processors (NVD Database).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-40344N/AN/A
  • Linux KernelLinux Kernel
  • kernel-debug-modules-internal
NoYesDec 09, 2025
CVE-2025-40343N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-devel
NoYesDec 09, 2025
CVE-2025-40342N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-devel-matched
NoYesDec 09, 2025
CVE-2025-40341N/AN/A
  • Linux KernelLinux Kernel
  • kernel-rt-64k-debug-modules-extra
NoYesDec 09, 2025
CVE-2025-40340N/AN/A
  • Linux KernelLinux Kernel
  • kernel-rt-64k-debug-kvm
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo